Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report 9JbJZPtaKF.exe

Overview

General Information

Sample Name:9JbJZPtaKF.exe
Analysis ID:491916
MD5:133c10454108aa86301f79a03aa24046
SHA1:21439179cb8700406d57332079ab311d08b0c9bf
SHA256:de0cb500125d733becbdeb53cf7b3f1bace4dc91e54805007718970124ef6797
Tags:BitRATexeRAT
Infos:

Most interesting Screenshot:

Detection

AsyncRAT BitRAT
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected BitRAT
Multi AV Scanner detection for submitted file
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Yara detected AntiVM3
Yara detected AsyncRAT
Multi AV Scanner detection for dropped file
Hides threads from debuggers
Sample uses process hollowing technique
Sigma detected: Bad Opsec Defaults Sacrificial Processes With Improper Arguments
Creates multiple autostart registry keys
Sigma detected: Suspicious Script Execution From Temp Folder
Writes to foreign memory regions
Connects to many ports of the same IP (likely port scanning)
Bypasses PowerShell execution policy
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Suspicious powershell command line found
Machine Learning detection for sample
Allocates memory in foreign processes
.NET source code contains potential unpacker
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Creates files in alternative data streams (ADS)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Stores large binary data to the registry
PE file contains executable resources (Code or Archives)
Contains long sleeps (>= 3 min)
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Sample file is different than original file name gathered from version info
PE file contains strange resources
Drops PE files
Tries to load missing DLLs
Detected TCP or UDP traffic on non-standard ports
Installs a global mouse hook
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Creates a process in suspended mode (likely to inject code)
Sigma detected: PowerShell Script Run in AppData

Classification

Process Tree

  • System is w10x64
  • 9JbJZPtaKF.exe (PID: 6972 cmdline: 'C:\Users\user\Desktop\9JbJZPtaKF.exe' MD5: 133C10454108AA86301F79A03AA24046)
    • RegAsm.exe (PID: 7040 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe MD5: 6FD7592411112729BF6B1F2F6C34899F)
    • RegAsm.exe (PID: 7084 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe MD5: 6FD7592411112729BF6B1F2F6C34899F)
      • cmd.exe (PID: 4348 cmdline: 'C:\Windows\System32\cmd.exe' /c start /b powershell ExecutionPolicy Bypass Start-Process -FilePath ''C:\Users\user\AppData\Local\Temp\mmybgd.exe'' & exit MD5: F3BDBE3BB6F734E357235F4D5898582D)
        • conhost.exe (PID: 2132 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • powershell.exe (PID: 720 cmdline: powershell ExecutionPolicy Bypass Start-Process -FilePath ''C:\Users\user\AppData\Local\Temp\mmybgd.exe'' MD5: DBA3E6449E97D4E3DF64527EF7012A10)
          • mmybgd.exe (PID: 4776 cmdline: 'C:\Users\user\AppData\Local\Temp\mmybgd.exe' MD5: BDC628B212725C5FD4287591393CB44E)
            • RegAsm.exe (PID: 4676 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe MD5: 6FD7592411112729BF6B1F2F6C34899F)
  • ct.exe (PID: 4644 cmdline: 'C:\Users\user\AppData\Roaming\cf\ct.exe' MD5: 133C10454108AA86301F79A03AA24046)
    • RegAsm.exe (PID: 5916 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe MD5: 6FD7592411112729BF6B1F2F6C34899F)
  • ct.exe (PID: 5344 cmdline: 'C:\Users\user\AppData\Roaming\cf\ct.exe' MD5: 133C10454108AA86301F79A03AA24046)
    • RegAsm.exe (PID: 6740 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe MD5: 6FD7592411112729BF6B1F2F6C34899F)
    • RegAsm.exe (PID: 6756 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe MD5: 6FD7592411112729BF6B1F2F6C34899F)
  • bg.exe (PID: 6184 cmdline: 'C:\Users\user\AppData\Roaming\bp\bg.exe' MD5: BDC628B212725C5FD4287591393CB44E)
    • RegAsm.exe (PID: 2532 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe MD5: 6FD7592411112729BF6B1F2F6C34899F)
    • RegAsm.exe (PID: 5276 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe MD5: 6FD7592411112729BF6B1F2F6C34899F)
    • RegAsm.exe (PID: 6580 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe MD5: 6FD7592411112729BF6B1F2F6C34899F)
    • RegAsm.exe (PID: 3176 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe MD5: 6FD7592411112729BF6B1F2F6C34899F)
  • bg.exe (PID: 7072 cmdline: 'C:\Users\user\AppData\Roaming\bp\bg.exe' MD5: BDC628B212725C5FD4287591393CB44E)
    • RegAsm.exe (PID: 6748 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe MD5: 6FD7592411112729BF6B1F2F6C34899F)
    • RegAsm.exe (PID: 6696 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe MD5: 6FD7592411112729BF6B1F2F6C34899F)
    • RegAsm.exe (PID: 6764 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe MD5: 6FD7592411112729BF6B1F2F6C34899F)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
0000000B.00000003.307140566.00000000006F4000.00000004.00000001.sdmpJoeSecurity_AsyncRATYara detected AsyncRATJoe Security
    0000000E.00000003.325430436.0000000000723000.00000004.00000001.sdmpJoeSecurity_AsyncRATYara detected AsyncRATJoe Security
      0000000B.00000003.306946941.00000000006DF000.00000004.00000001.sdmpJoeSecurity_AsyncRATYara detected AsyncRATJoe Security
        00000000.00000003.280115518.00000000007EF000.00000004.00000001.sdmpJoeSecurity_AsyncRATYara detected AsyncRATJoe Security
          0000000B.00000003.306899015.00000000006EA000.00000004.00000001.sdmpJoeSecurity_AsyncRATYara detected AsyncRATJoe Security
            Click to see the 42 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            14.3.ct.exe.739714.2.unpackJoeSecurity_AsyncRATYara detected AsyncRATJoe Security
              14.3.ct.exe.739714.2.raw.unpackJoeSecurity_AsyncRATYara detected AsyncRATJoe Security
                0.3.9JbJZPtaKF.exe.7ee9c8.3.unpackJoeSecurity_AsyncRATYara detected AsyncRATJoe Security
                  0.3.9JbJZPtaKF.exe.8051e4.1.raw.unpackJoeSecurity_AsyncRATYara detected AsyncRATJoe Security
                    11.3.ct.exe.6f4934.1.raw.unpackJoeSecurity_AsyncRATYara detected AsyncRATJoe Security
                      Click to see the 24 entries

                      Sigma Overview

                      System Summary:

                      barindex
                      Sigma detected: Bad Opsec Defaults Sacrificial Processes With Improper ArgumentsShow sources
                      Source: Process startedAuthor: Oleg Kolesnikov @securonix invrep_de, oscd.community, Florian Roth, Christian Burkard: Data: Command: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, CommandLine: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, CommandLine|base64offset|contains: , Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, ParentCommandLine: 'C:\Users\user\Desktop\9JbJZPtaKF.exe' , ParentImage: C:\Users\user\Desktop\9JbJZPtaKF.exe, ParentProcessId: 6972, ProcessCommandLine: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, ProcessId: 7040
                      Sigma detected: Suspicious Script Execution From Temp FolderShow sources
                      Source: Process startedAuthor: Florian Roth, Max Altgelt: Data: Command: powershell ExecutionPolicy Bypass Start-Process -FilePath ''C:\Users\user\AppData\Local\Temp\mmybgd.exe'' , CommandLine: powershell ExecutionPolicy Bypass Start-Process -FilePath ''C:\Users\user\AppData\Local\Temp\mmybgd.exe'' , CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: 'C:\Windows\System32\cmd.exe' /c start /b powershell ExecutionPolicy Bypass Start-Process -FilePath ''C:\Users\user\AppData\Local\Temp\mmybgd.exe'' & exit, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 4348, ProcessCommandLine: powershell ExecutionPolicy Bypass Start-Process -FilePath ''C:\Users\user\AppData\Local\Temp\mmybgd.exe'' , ProcessId: 720
                      Sigma detected: PowerShell Script Run in AppDataShow sources
                      Source: Process startedAuthor: Florian Roth, Jonhnathan Ribeiro, oscd.community: Data: Command: 'C:\Windows\System32\cmd.exe' /c start /b powershell ExecutionPolicy Bypass Start-Process -FilePath ''C:\Users\user\AppData\Local\Temp\mmybgd.exe'' & exit, CommandLine: 'C:\Windows\System32\cmd.exe' /c start /b powershell ExecutionPolicy Bypass Start-Process -FilePath ''C:\Users\user\AppData\Local\Temp\mmybgd.exe'' & exit, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, ParentImage: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, ParentProcessId: 7084, ProcessCommandLine: 'C:\Windows\System32\cmd.exe' /c start /b powershell ExecutionPolicy Bypass Start-Process -FilePath ''C:\Users\user\AppData\Local\Temp\mmybgd.exe'' & exit, ProcessId: 4348
                      Sigma detected: Possible Applocker BypassShow sources
                      Source: Process startedAuthor: juju4: Data: Command: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, CommandLine: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, CommandLine|base64offset|contains: , Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, ParentCommandLine: 'C:\Users\user\Desktop\9JbJZPtaKF.exe' , ParentImage: C:\Users\user\Desktop\9JbJZPtaKF.exe, ParentProcessId: 6972, ProcessCommandLine: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, ProcessId: 7040
                      Sigma detected: Non Interactive PowerShellShow sources
                      Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell ExecutionPolicy Bypass Start-Process -FilePath ''C:\Users\user\AppData\Local\Temp\mmybgd.exe'' , CommandLine: powershell ExecutionPolicy Bypass Start-Process -FilePath ''C:\Users\user\AppData\Local\Temp\mmybgd.exe'' , CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: 'C:\Windows\System32\cmd.exe' /c start /b powershell ExecutionPolicy Bypass Start-Process -FilePath ''C:\Users\user\AppData\Local\Temp\mmybgd.exe'' & exit, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 4348, ProcessCommandLine: powershell ExecutionPolicy Bypass Start-Process -FilePath ''C:\Users\user\AppData\Local\Temp\mmybgd.exe'' , ProcessId: 720
                      Sigma detected: T1086 PowerShell ExecutionShow sources
                      Source: Pipe createdAuthor: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: PipeName: \PSHost.132773126290596771.720.DefaultAppDomain.powershell

                      Jbx Signature Overview

                      Click to jump to signature section

                      Show All Signature Results

                      AV Detection:

                      barindex
                      Multi AV Scanner detection for submitted fileShow sources
                      Source: 9JbJZPtaKF.exeVirustotal: Detection: 35%Perma Link
                      Multi AV Scanner detection for dropped fileShow sources
                      Source: C:\Users\user\AppData\Roaming\cf\ct.exeReversingLabs: Detection: 40%
                      Machine Learning detection for sampleShow sources
                      Source: 9JbJZPtaKF.exeJoe Sandbox ML: detected
                      Machine Learning detection for dropped fileShow sources
                      Source: C:\Users\user\AppData\Roaming\bp\bg.exeJoe Sandbox ML: detected
                      Source: C:\Users\user\AppData\Roaming\cf\ct.exeJoe Sandbox ML: detected
                      Source: C:\Users\user\AppData\Local\Temp\mmybgd.exeJoe Sandbox ML: detected
                      Source: 4.2.RegAsm.exe.400000.0.unpackAvira: Label: TR/Dropper.Gen
                      Source: 17.2.RegAsm.exe.400000.0.unpackAvira: Label: TR/Dropper.Gen
                      Source: 12.2.RegAsm.exe.400000.0.unpackAvira: Label: TR/Dropper.Gen
                      Source: RegAsm.exe, 0000001F.00000002.544923977.0000000000400000.00000040.00000001.sdmpBinary or memory string: -----BEGIN PUBLIC KEY-----
                      Source: 9JbJZPtaKF.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                      Source: Binary string: Telemetry.Common.pdb## source: 9JbJZPtaKF.exe, 00000000.00000000.277618427.0000000000487000.00000002.00020000.sdmp, ct.exe, 0000000B.00000003.309143224.0000000002FD6000.00000004.00000001.sdmp, ct.exe, 0000000E.00000002.328247413.0000000000487000.00000002.00020000.sdmp, mmybgd.exe, 0000001E.00000000.437767065.0000000000487000.00000002.00020000.sdmp, bg.exe, 00000021.00000000.460309859.0000000000487000.00000002.00020000.sdmp
                      Source: Binary string: Telemetry.Common.pdb source: 9JbJZPtaKF.exe, 00000000.00000000.277618427.0000000000487000.00000002.00020000.sdmp, ct.exe, 0000000B.00000002.311356379.0000000000487000.00000002.00020000.sdmp, ct.exe, 0000000E.00000002.328247413.0000000000487000.00000002.00020000.sdmp, mmybgd.exe, 0000001E.00000000.437767065.0000000000487000.00000002.00020000.sdmp, bg.exe, 00000021.00000000.460309859.0000000000487000.00000002.00020000.sdmp
                      Source: C:\Users\user\Desktop\9JbJZPtaKF.exeCode function: 4x nop then push ebp0_2_00479C70
                      Source: C:\Users\user\Desktop\9JbJZPtaKF.exeCode function: 4x nop then push ebp0_2_00452290
                      Source: C:\Users\user\Desktop\9JbJZPtaKF.exeCode function: 4x nop then push ebp0_2_00459460
                      Source: C:\Users\user\Desktop\9JbJZPtaKF.exeCode function: 4x nop then push ebp0_2_00459460
                      Source: C:\Users\user\Desktop\9JbJZPtaKF.exeCode function: 4x nop then push ebp0_2_0044FF30

                      Networking:

                      barindex
                      Connects to many ports of the same IP (likely port scanning)Show sources
                      Source: global trafficTCP traffic: 185.157.160.136 ports 1,1975,3,1973,7,9
                      Source: global trafficTCP traffic: 192.168.2.3:49749 -> 185.157.160.136:1973
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.157.160.136
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.157.160.136
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.157.160.136
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.157.160.136
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.157.160.136
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.157.160.136
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.157.160.136
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.157.160.136
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.157.160.136
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.157.160.136
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.157.160.136
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.157.160.136
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.157.160.136
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.157.160.136
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.157.160.136
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.157.160.136
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.157.160.136
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.157.160.136
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.157.160.136
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.157.160.136
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.157.160.136
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.157.160.136
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.157.160.136
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.157.160.136
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.157.160.136
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.157.160.136
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.157.160.136
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.157.160.136
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.157.160.136
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.157.160.136
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.157.160.136
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.157.160.136
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.157.160.136
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.157.160.136
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.157.160.136
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.157.160.136
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.157.160.136
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.157.160.136
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.157.160.136
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.157.160.136
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.157.160.136
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.157.160.136
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.157.160.136
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.157.160.136
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.157.160.136
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.157.160.136
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.157.160.136
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.157.160.136
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.157.160.136
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.157.160.136
                      Source: RegAsm.exe, 00000004.00000002.561796956.000000000530D000.00000004.00000001.sdmp, powershell.exe, 00000016.00000002.441347188.0000000000923000.00000004.00000001.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                      Source: RegAsm.exe, 00000004.00000002.552795488.00000000011B6000.00000004.00000020.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
                      Source: RegAsm.exe, 00000004.00000002.561796956.000000000530D000.00000004.00000001.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
                      Source: powershell.exe, 00000016.00000002.446314129.00000000055F4000.00000004.00000001.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
                      Source: powershell.exe, 00000016.00000002.444344805.00000000046D3000.00000004.00000001.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
                      Source: ct.exeString found in binary or memory: http://schemas.microsof
                      Source: RegAsm.exe, 00000004.00000002.554885816.0000000002EB1000.00000004.00000001.sdmp, powershell.exe, 00000016.00000002.443919743.0000000004591000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                      Source: powershell.exe, 00000016.00000002.444344805.00000000046D3000.00000004.00000001.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
                      Source: 9JbJZPtaKF.exe, 9JbJZPtaKF.exe, 00000000.00000000.277536101.0000000000401000.00000020.00020000.sdmp, RegAsm.exe, 00000004.00000002.558074837.00000000042E7000.00000004.00000001.sdmp, ct.exe, 0000000B.00000000.306368311.0000000000401000.00000020.00020000.sdmp, ct.exe, 0000000E.00000002.328150567.0000000000401000.00000020.00020000.sdmp, mmybgd.exe, 0000001E.00000000.437697279.0000000000401000.00000020.00020000.sdmp, bg.exe, 00000021.00000002.472166356.0000000000401000.00000020.00020000.sdmpString found in binary or memory: http://www.vb-helper.com/vba.htm
                      Source: powershell.exe, 00000016.00000002.446314129.00000000055F4000.00000004.00000001.sdmpString found in binary or memory: https://contoso.com/
                      Source: powershell.exe, 00000016.00000002.446314129.00000000055F4000.00000004.00000001.sdmpString found in binary or memory: https://contoso.com/Icon
                      Source: powershell.exe, 00000016.00000002.446314129.00000000055F4000.00000004.00000001.sdmpString found in binary or memory: https://contoso.com/License
                      Source: RegAsm.exe, 0000001F.00000002.544923977.0000000000400000.00000040.00000001.sdmp, bg.exe, 00000021.00000003.462953448.00000000034F0000.00000004.00000001.sdmpString found in binary or memory: https://curl.haxx.se/docs/http-cookies.html
                      Source: powershell.exe, 00000016.00000002.444344805.00000000046D3000.00000004.00000001.sdmpString found in binary or memory: https://github.com/Pester/Pester
                      Source: powershell.exe, 00000016.00000002.446314129.00000000055F4000.00000004.00000001.sdmpString found in binary or memory: https://nuget.org/nuget.exe

                      Key, Mouse, Clipboard, Microphone and Screen Capturing:

                      barindex
                      Yara detected AsyncRATShow sources
                      Source: Yara matchFile source: 14.3.ct.exe.739714.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 14.3.ct.exe.739714.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.3.9JbJZPtaKF.exe.7ee9c8.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.3.9JbJZPtaKF.exe.8051e4.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 11.3.ct.exe.6f4934.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.3.9JbJZPtaKF.exe.7ee9c8.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.3.9JbJZPtaKF.exe.8051e4.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 14.3.ct.exe.722ef8.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.3.9JbJZPtaKF.exe.7ee9c8.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 11.3.ct.exe.6de118.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 14.3.ct.exe.722ef8.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 14.3.ct.exe.739714.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 11.3.ct.exe.6f4934.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 17.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 11.3.ct.exe.6f4934.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.3.9JbJZPtaKF.exe.8051e4.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.3.9JbJZPtaKF.exe.8051e4.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.3.9JbJZPtaKF.exe.7ee9c8.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 11.3.ct.exe.6de118.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 11.3.ct.exe.6f4934.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 12.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 14.3.ct.exe.739714.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0000000B.00000003.307140566.00000000006F4000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000E.00000003.325430436.0000000000723000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000B.00000003.306946941.00000000006DF000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.280115518.00000000007EF000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000B.00000003.306899015.00000000006EA000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000E.00000003.327182152.0000000000744000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000E.00000003.325299126.000000000070C000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.544974477.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.280183910.0000000000810000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.278483376.00000000007D7000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000B.00000003.306958807.00000000006FF000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000E.00000003.325371450.0000000000744000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000011.00000002.340503270.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.356231512.00000000061A4000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000E.00000003.325340924.0000000000723000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000E.00000003.327210322.0000000000723000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.278249926.0000000000810000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.278304939.0000000000805000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.554990912.0000000002EE8000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.278201980.00000000007FA000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000B.00000003.308889804.00000000006FF000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000B.00000003.306989450.00000000006DF000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.278470265.0000000000810000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000E.00000003.327236288.0000000000744000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000C.00000002.322158875.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000B.00000003.306923152.00000000006C7000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.278264012.00000000007EF000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000E.00000003.325501534.0000000000739000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.280278807.0000000000810000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000B.00000003.308874401.00000000006DF000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.278240068.00000000007EF000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.278220853.00000000007D7000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000B.00000003.308858373.00000000006FF000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000E.00000003.325118501.000000000072F000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: 9JbJZPtaKF.exe PID: 6972, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 7084, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: ct.exe PID: 4644, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 5916, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: ct.exe PID: 5344, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 6756, type: MEMORYSTR
                      Source: 9JbJZPtaKF.exe, 00000000.00000002.281098449.000000000079A000.00000004.00000020.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWindows user hook set: 0 mouse low level NULL

                      System Summary:

                      barindex
                      Source: 9JbJZPtaKF.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                      Source: C:\Users\user\Desktop\9JbJZPtaKF.exeCode function: 0_2_00479C700_2_00479C70
                      Source: C:\Users\user\Desktop\9JbJZPtaKF.exeCode function: 0_2_004034F00_2_004034F0
                      Source: C:\Users\user\Desktop\9JbJZPtaKF.exeCode function: 0_2_0040A2FB0_2_0040A2FB
                      Source: C:\Users\user\Desktop\9JbJZPtaKF.exeCode function: 0_2_0040A3300_2_0040A330
                      Source: C:\Users\user\Desktop\9JbJZPtaKF.exeCode function: 0_2_0040350C0_2_0040350C
                      Source: C:\Users\user\Desktop\9JbJZPtaKF.exeCode function: 0_2_0040B50D0_2_0040B50D
                      Source: C:\Users\user\Desktop\9JbJZPtaKF.exeCode function: 0_2_0045D7100_2_0045D710
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_011595304_2_01159530
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0115D5E04_2_0115D5E0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_01158C604_2_01158C60
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0115F2984_2_0115F298
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_011589184_2_01158918
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_082F50304_2_082F5030
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_082F00404_2_082F0040
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_082F28C84_2_082F28C8
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_082F57A04_2_082F57A0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_082F64B04_2_082F64B0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_083026A04_2_083026A0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_083009684_2_08300968
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_083024304_2_08302430
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_083024234_2_08302423
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_083026934_2_08302693
                      Source: C:\Users\user\AppData\Roaming\cf\ct.exeCode function: 14_3_0074501214_3_00745012
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 22_2_0108C24022_2_0108C240
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 22_2_0108C2CB22_2_0108C2CB
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 22_2_0787EF7022_2_0787EF70
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 22_2_0787D41822_2_0787D418
                      Source: 9JbJZPtaKF.exeStatic PE information: Resource name: CUSTOM type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                      Source: ct.exe.0.drStatic PE information: Resource name: CUSTOM type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                      Source: mmybgd.exe.4.drStatic PE information: Resource name: CUSTOM type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                      Source: bg.exe.30.drStatic PE information: Resource name: CUSTOM type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                      Source: 9JbJZPtaKF.exe, 00000000.00000003.280115518.00000000007EF000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameStub.exe" vs 9JbJZPtaKF.exe
                      Source: 9JbJZPtaKF.exe, 00000000.00000000.277618427.0000000000487000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameTelemetry.Common.dllj% vs 9JbJZPtaKF.exe
                      Source: 9JbJZPtaKF.exe, 00000000.00000000.277618427.0000000000487000.00000002.00020000.sdmpBinary or memory string: OriginalFilenamea.exe vs 9JbJZPtaKF.exe
                      Source: 9JbJZPtaKF.exe, 00000000.00000003.278461394.00000000007FA000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamea.exe2W2O;S<_[O=bWdO[2O7U`O_4cbP]Z.12W2O;S<_[O=bWdO[2O7U`O_4cbP]Z.AppData2W2O;S<_[O=bWdO[2O7U`O_4cbP]Z.cf2W2O;S<_[O=bWdO[2O7U`O_4cbP]Z.ct.exe2W2O;S<_[O=bWdO[2O7U`O_4cbP]Z.cp2W2O;S<_[O=bWdO[2O7U`O_4cbP]Z.net42W2O;S<_[O=bWdO[2O7U`O_4cbP]Z.02W2O;S<_[O=bWdO[2O7U`O_4cbP]Z.2W2O;S<_[O=bWdO[2O7U`O_4cbP]Z.02W2O;S<_[O=bWdO[2O7U`O_4cbP]Z.02W2O;S<_[O=bWdO[2O7U`O_4cbP]Z.02W2O;S<_[O=bWdO[2O7U`O_4cbP]Z.02W2O;S<_[O=bWdO[2O7U`O_4cbP]Z.02W2O;S<_[O=bWdO[2O7U`O_4cbP]Z. vs 9JbJZPtaKF.exe
                      Source: mmybgd.exe.4.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                      Source: bg.exe.30.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc.dll
                      Source: 9JbJZPtaKF.exeVirustotal: Detection: 35%
                      Source: C:\Users\user\Desktop\9JbJZPtaKF.exeFile read: C:\Users\user\Desktop\9JbJZPtaKF.exeJump to behavior
                      Source: 9JbJZPtaKF.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                      Source: C:\Users\user\Desktop\9JbJZPtaKF.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: C:\Users\user\Desktop\9JbJZPtaKF.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\cf\ct.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\cf\ct.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\mmybgd.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\bp\bg.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dll
                      Source: C:\Users\user\AppData\Roaming\bp\bg.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dll
                      Source: unknownProcess created: C:\Users\user\Desktop\9JbJZPtaKF.exe 'C:\Users\user\Desktop\9JbJZPtaKF.exe'
                      Source: C:\Users\user\Desktop\9JbJZPtaKF.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                      Source: C:\Users\user\Desktop\9JbJZPtaKF.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                      Source: unknownProcess created: C:\Users\user\AppData\Roaming\cf\ct.exe 'C:\Users\user\AppData\Roaming\cf\ct.exe'
                      Source: C:\Users\user\AppData\Roaming\cf\ct.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                      Source: unknownProcess created: C:\Users\user\AppData\Roaming\cf\ct.exe 'C:\Users\user\AppData\Roaming\cf\ct.exe'
                      Source: C:\Users\user\AppData\Roaming\cf\ct.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                      Source: C:\Users\user\AppData\Roaming\cf\ct.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /c start /b powershell ExecutionPolicy Bypass Start-Process -FilePath ''C:\Users\user\AppData\Local\Temp\mmybgd.exe'' & exit
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell ExecutionPolicy Bypass Start-Process -FilePath ''C:\Users\user\AppData\Local\Temp\mmybgd.exe''
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Local\Temp\mmybgd.exe 'C:\Users\user\AppData\Local\Temp\mmybgd.exe'
                      Source: C:\Users\user\AppData\Local\Temp\mmybgd.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                      Source: unknownProcess created: C:\Users\user\AppData\Roaming\bp\bg.exe 'C:\Users\user\AppData\Roaming\bp\bg.exe'
                      Source: C:\Users\user\AppData\Roaming\bp\bg.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                      Source: C:\Users\user\AppData\Roaming\bp\bg.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                      Source: C:\Users\user\AppData\Roaming\bp\bg.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                      Source: C:\Users\user\AppData\Roaming\bp\bg.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                      Source: unknownProcess created: C:\Users\user\AppData\Roaming\bp\bg.exe 'C:\Users\user\AppData\Roaming\bp\bg.exe'
                      Source: C:\Users\user\AppData\Roaming\bp\bg.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                      Source: C:\Users\user\AppData\Roaming\bp\bg.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                      Source: C:\Users\user\AppData\Roaming\bp\bg.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                      Source: C:\Users\user\Desktop\9JbJZPtaKF.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeJump to behavior
                      Source: C:\Users\user\Desktop\9JbJZPtaKF.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /c start /b powershell ExecutionPolicy Bypass Start-Process -FilePath ''C:\Users\user\AppData\Local\Temp\mmybgd.exe'' & exitJump to behavior
                      Source: C:\Users\user\AppData\Roaming\cf\ct.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeJump to behavior
                      Source: C:\Users\user\AppData\Roaming\cf\ct.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeJump to behavior
                      Source: C:\Users\user\AppData\Roaming\cf\ct.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell ExecutionPolicy Bypass Start-Process -FilePath ''C:\Users\user\AppData\Local\Temp\mmybgd.exe'' Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Local\Temp\mmybgd.exe 'C:\Users\user\AppData\Local\Temp\mmybgd.exe' Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\mmybgd.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeJump to behavior
                      Source: C:\Users\user\AppData\Roaming\bp\bg.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                      Source: C:\Users\user\AppData\Roaming\bp\bg.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                      Source: C:\Users\user\AppData\Roaming\bp\bg.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                      Source: C:\Users\user\AppData\Roaming\bp\bg.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                      Source: C:\Users\user\AppData\Roaming\bp\bg.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                      Source: C:\Users\user\AppData\Roaming\bp\bg.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                      Source: C:\Users\user\AppData\Roaming\bp\bg.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                      Source: C:\Users\user\Desktop\9JbJZPtaKF.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0D43FE01-F093-11CF-8940-00A0C9054228}\InprocServer32Jump to behavior
                      Source: C:\Users\user\Desktop\9JbJZPtaKF.exeFile created: C:\Users\user\AppData\Roaming\cf\Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\Local\Temp\mmybgd.exeJump to behavior
                      Source: classification engineClassification label: mal100.troj.evad.winEXE@38/9@0/1
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                      Source: 4.2.RegAsm.exe.400000.0.unpack, Client/Helper/Methods.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
                      Source: 4.2.RegAsm.exe.400000.0.unpack, Client/Helper/Methods.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
                      Source: 17.2.RegAsm.exe.400000.0.unpack, Client/Helper/Methods.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
                      Source: 17.2.RegAsm.exe.400000.0.unpack, Client/Helper/Methods.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
                      Source: 12.2.RegAsm.exe.400000.0.unpack, Client/Helper/Methods.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
                      Source: 12.2.RegAsm.exe.400000.0.unpack, Client/Helper/Methods.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                      Source: 4.2.RegAsm.exe.400000.0.unpack, Client/Settings.csBase64 encoded string: '+LdhvsUs+pw4B71d2iQwVxAbsVN/CI8V5uDe4+8GBQVVA3p3Gjc+xdz/YAfyI5hJiGX1Qc4myvmMJ/w+spH5TQ==', 'Q9Q7PSgZxC8JyyITnfRxL911PUyfaZ4B9LbPmzb+mTt/Hx4JdEAONTuGgnWRwuZpFkFK8zpSe1AiYCl7xj+smQ==', 'SwekYo1ECeuqyYzN9+9SJx43jCQ3iDEuvx8an3VXRZ5VvDwu6r8n7S25x1XQQQHtwNBO8EdlgYpRrR9hxSi3OaDJloHbpfSIX7DAAcqylN8VBzNW6tmZjNKifIL1xwA4LDpbpStyaKERWCs0tsHzPHFUl5kWt8yUwM92eTaBvKMhkHlzxvXcHzlGigD994SD0m1DxsHVtOEkOp13Q9Z3Li/e0abpcfEMTHK4UqVyya09Zq37PU0rpJS3rhyHttYjZqRu4/aysQPq0e6s4B1avfxO0dO4HVdZUQU/FEhl+AZ+n7UJ3Au+H8NclQ/t1Tduui6+i1Zwej8iIp1Tn541nuWtPpBxKSGVGEFu7Dx6/eFT5pYsQVPLh/exGtUzIw3JmwfntfPzHexAEsrF8md/QqpbSwH77xSUhrGItVHFeHSl8Qn58/XiTG/aJP/Tl0FG/VhJWtbgNxWozxdVMu27o19IhfgkHxmssKtHOWua0SR1lhImFUTfwRnDXzHg0pyoMBQVhsL00Y+7npfSGSyX08/8xS0ZCJKgrp2BS3VtcAFZCH1E7AOcLXf50BvkMGbZcIDnqEKOTySfirbIr9tV2FytyGbppML/LOUQvolqbYNC6INHgD3Nqv8YCDPWotuj1BG+Ca6utbQemo+NNqRHET15rUYxtw7pyzIUNsqJnhKfRjKOKi0Db2U6B8sNhWiwNLoFNGv+aQQbEGixQCdlzXiomD0Nkwu/dU7AYoUqlK1Ze1xnGfRm61u+XoWkynj0LMF4Iywewo3n8Fb1u41cijRDsufRt8DTvvGBjILj3MR0n/g5gv4+WSwJpjCOcQBii8Ps3JQHY2IsxhnW9JRxbRJ0g0h9KKFZOJMcewtw7Nji508TbpZZdXvCF176YBMPWkwpoSYpRXMaYM2Kow62560MOfXTj6ijM8a1c5MeuC6G6UKDEQlSfuVFz/b/37BFHqWPFnSetTW3Bmh4cvA5WU/cgh1I1h9v/6InQqIs7ooVK5UYV6ZBnMkKgI0D+BFcOE6YR4K0i5OdvF/+UJG9m8g7zwvniH4jObkSy/HFFOSZIn2rh8omu1d7k4N2Z2lF0yXc+DFhte5S4ggRoOksVK/QtM2nl+c2oOA0SCg2MquzSKF/ZuRaIkH55x4yuRz/alOrgVryfuWwJrNddFeWph32x3ui9V/HFcQg8HZvsRojo/N+DsyBjDBDHaWqH64kz2POlHKHXnpPZbxi7sPze8yb/pL7DK5c4GoeNI2um1X7XG5dcIQXyfObbFEt+A8V8+03DD1lgok7f4gD0RTFZyyT67Hsx+8TPkKBUW2PS83kD+2sGBK/u66SBrO6WxUghpnV/OtaiWBnDGEzn7fGjvWDIhIO9GwLjNnIjXMVpvpN1ZzofYfOHoWqXV2an622TEUWRrf5zdDQsfLv8zvcOCPtUDmS/sfdIKxjovfWfDr2HB7wRZpfJZDZEna+5if6+ExMTMwlwK/mtxR3/q8zsqKNZB/vX97/gvvuVDie2qKbZBLFKVEkZHmRNx6Hcr7MORPFMLinJIIHoyJV5Okih7WJkqj5Vi40EYeXD5QWH5VLL/4xZFNVMVQ4WNejN+MmhVG8Lx4Cb/2vBfCuCxYIuI0Y3ZTGUXRXBK99WzJt8N/rzz/Lmpl8GBxQETqcRxduY6qcfQZYX1Y1ZHSjGjID8Xwb1zMMMfEqca1O27aJnbOMx1HetlFbgZhM/aTkdveZzbNFLTrJRcvpho5wSov/8gZsdxXVnYJ2W0zKgjHfx/VNjxK80bmInIdKLgiqii/oWQD5Bh96/mRKP7lJ2D/jxmGXtAZXZJeCLBRJ8DaQyJ54wn039c4IjazzhWGC11ShaX8eKYIMkYJ6nFUcRukcK3/aTzb6IfKT3djBfrKQIBJGVlRQhXC5hxr14g2pXwkL9uYjwgyVsJqTUmEaFwexPqDO33rm3i7gqWEyVLXnV8MWwOj2/Kzdw+OFf1Dh+VupTTbwleacwaYO4OH4bx3NzBI5xOQ68pBDXi1uJ6pZ+gGlmX+HB2EYMrFBoHxZHLL9J+KpaLAW1zgPdTdOnaDLGzEd9FdCWR298tQIfVNxPAzSO+CDmc4ndtqYl3NZmEW6VwqrGquN4wFNFxEKTmuecdR9AI2BvmDMP6uxHBsybrRlrjhlPDHy70Tc71HQVmsDqu316O7a4VGftIwqQnFR/HfSD8SU0kQoQzV42Am5FsROnV/FYhRuREmYfWhVLektFh4nRiEdCV4cB7soLWyhPwy9PxBmwL4+CS+doBMyTD+o7/R/jv7JqpgrKTEzdfIx', 'ZsgJx/yojFzRDrd6d1tl2e5cG8L3oZ6FmQh1YzpSUxZuEnTP9PYySENFaUa+/t5aAJnTvz9r/LBQI6HkJIYeYZ+Gph0R+QFDexqLOI/DClAOEeH3TYtMVCw+NXxbE28MqTIoKD+7j4sNOiDy672odGSgFtv8zqSn4R1K6wO+o8THWFlHyzZTscYqga2xRhaFBH+SMHvET0AVHKzK1u5ApDlFaXAmTiRECM6Fo/R5+5EApqf/os/nXJz8B4FO1E28opcXSlGgn08ICyzjWlNgMitkZChzISSokP/sGItGCbBiIITmDVRfK0c4JRuR5VuA5a5lfhDwJfcJmzypRsCZOU52k0Jlly5P9QzZG6hy3n3MidxePqODZZ66fA5fLPOCC9uikA+7cvqOy0DqE1dCzcOtKk3dJpOGp2m07xnLKED7SFJruJzz0szpC84SfWmf+dIf4N7UjVX8Z6BE3I1ZVZYXM+K8Q33Ssmm1NyaWTex8f9yrVHnFNM5gPYE
                      Source: 12.2.RegAsm.exe.400000.0.unpack, Client/Settings.csBase64 encoded string: '+LdhvsUs+pw4B71d2iQwVxAbsVN/CI8V5uDe4+8GBQVVA3p3Gjc+xdz/YAfyI5hJiGX1Qc4myvmMJ/w+spH5TQ==', 'Q9Q7PSgZxC8JyyITnfRxL911PUyfaZ4B9LbPmzb+mTt/Hx4JdEAONTuGgnWRwuZpFkFK8zpSe1AiYCl7xj+smQ==', 'SwekYo1ECeuqyYzN9+9SJx43jCQ3iDEuvx8an3VXRZ5VvDwu6r8n7S25x1XQQQHtwNBO8EdlgYpRrR9hxSi3OaDJloHbpfSIX7DAAcqylN8VBzNW6tmZjNKifIL1xwA4LDpbpStyaKERWCs0tsHzPHFUl5kWt8yUwM92eTaBvKMhkHlzxvXcHzlGigD994SD0m1DxsHVtOEkOp13Q9Z3Li/e0abpcfEMTHK4UqVyya09Zq37PU0rpJS3rhyHttYjZqRu4/aysQPq0e6s4B1avfxO0dO4HVdZUQU/FEhl+AZ+n7UJ3Au+H8NclQ/t1Tduui6+i1Zwej8iIp1Tn541nuWtPpBxKSGVGEFu7Dx6/eFT5pYsQVPLh/exGtUzIw3JmwfntfPzHexAEsrF8md/QqpbSwH77xSUhrGItVHFeHSl8Qn58/XiTG/aJP/Tl0FG/VhJWtbgNxWozxdVMu27o19IhfgkHxmssKtHOWua0SR1lhImFUTfwRnDXzHg0pyoMBQVhsL00Y+7npfSGSyX08/8xS0ZCJKgrp2BS3VtcAFZCH1E7AOcLXf50BvkMGbZcIDnqEKOTySfirbIr9tV2FytyGbppML/LOUQvolqbYNC6INHgD3Nqv8YCDPWotuj1BG+Ca6utbQemo+NNqRHET15rUYxtw7pyzIUNsqJnhKfRjKOKi0Db2U6B8sNhWiwNLoFNGv+aQQbEGixQCdlzXiomD0Nkwu/dU7AYoUqlK1Ze1xnGfRm61u+XoWkynj0LMF4Iywewo3n8Fb1u41cijRDsufRt8DTvvGBjILj3MR0n/g5gv4+WSwJpjCOcQBii8Ps3JQHY2IsxhnW9JRxbRJ0g0h9KKFZOJMcewtw7Nji508TbpZZdXvCF176YBMPWkwpoSYpRXMaYM2Kow62560MOfXTj6ijM8a1c5MeuC6G6UKDEQlSfuVFz/b/37BFHqWPFnSetTW3Bmh4cvA5WU/cgh1I1h9v/6InQqIs7ooVK5UYV6ZBnMkKgI0D+BFcOE6YR4K0i5OdvF/+UJG9m8g7zwvniH4jObkSy/HFFOSZIn2rh8omu1d7k4N2Z2lF0yXc+DFhte5S4ggRoOksVK/QtM2nl+c2oOA0SCg2MquzSKF/ZuRaIkH55x4yuRz/alOrgVryfuWwJrNddFeWph32x3ui9V/HFcQg8HZvsRojo/N+DsyBjDBDHaWqH64kz2POlHKHXnpPZbxi7sPze8yb/pL7DK5c4GoeNI2um1X7XG5dcIQXyfObbFEt+A8V8+03DD1lgok7f4gD0RTFZyyT67Hsx+8TPkKBUW2PS83kD+2sGBK/u66SBrO6WxUghpnV/OtaiWBnDGEzn7fGjvWDIhIO9GwLjNnIjXMVpvpN1ZzofYfOHoWqXV2an622TEUWRrf5zdDQsfLv8zvcOCPtUDmS/sfdIKxjovfWfDr2HB7wRZpfJZDZEna+5if6+ExMTMwlwK/mtxR3/q8zsqKNZB/vX97/gvvuVDie2qKbZBLFKVEkZHmRNx6Hcr7MORPFMLinJIIHoyJV5Okih7WJkqj5Vi40EYeXD5QWH5VLL/4xZFNVMVQ4WNejN+MmhVG8Lx4Cb/2vBfCuCxYIuI0Y3ZTGUXRXBK99WzJt8N/rzz/Lmpl8GBxQETqcRxduY6qcfQZYX1Y1ZHSjGjID8Xwb1zMMMfEqca1O27aJnbOMx1HetlFbgZhM/aTkdveZzbNFLTrJRcvpho5wSov/8gZsdxXVnYJ2W0zKgjHfx/VNjxK80bmInIdKLgiqii/oWQD5Bh96/mRKP7lJ2D/jxmGXtAZXZJeCLBRJ8DaQyJ54wn039c4IjazzhWGC11ShaX8eKYIMkYJ6nFUcRukcK3/aTzb6IfKT3djBfrKQIBJGVlRQhXC5hxr14g2pXwkL9uYjwgyVsJqTUmEaFwexPqDO33rm3i7gqWEyVLXnV8MWwOj2/Kzdw+OFf1Dh+VupTTbwleacwaYO4OH4bx3NzBI5xOQ68pBDXi1uJ6pZ+gGlmX+HB2EYMrFBoHxZHLL9J+KpaLAW1zgPdTdOnaDLGzEd9FdCWR298tQIfVNxPAzSO+CDmc4ndtqYl3NZmEW6VwqrGquN4wFNFxEKTmuecdR9AI2BvmDMP6uxHBsybrRlrjhlPDHy70Tc71HQVmsDqu316O7a4VGftIwqQnFR/HfSD8SU0kQoQzV42Am5FsROnV/FYhRuREmYfWhVLektFh4nRiEdCV4cB7soLWyhPwy9PxBmwL4+CS+doBMyTD+o7/R/jv7JqpgrKTEzdfIx', 'ZsgJx/yojFzRDrd6d1tl2e5cG8L3oZ6FmQh1YzpSUxZuEnTP9PYySENFaUa+/t5aAJnTvz9r/LBQI6HkJIYeYZ+Gph0R+QFDexqLOI/DClAOEeH3TYtMVCw+NXxbE28MqTIoKD+7j4sNOiDy672odGSgFtv8zqSn4R1K6wO+o8THWFlHyzZTscYqga2xRhaFBH+SMHvET0AVHKzK1u5ApDlFaXAmTiRECM6Fo/R5+5EApqf/os/nXJz8B4FO1E28opcXSlGgn08ICyzjWlNgMitkZChzISSokP/sGItGCbBiIITmDVRfK0c4JRuR5VuA5a5lfhDwJfcJmzypRsCZOU52k0Jlly5P9QzZG6hy3n3MidxePqODZZ66fA5fLPOCC9uikA+7cvqOy0DqE1dCzcOtKk3dJpOGp2m07xnLKED7SFJruJzz0szpC84SfWmf+dIf4N7UjVX8Z6BE3I1ZVZYXM+K8Q33Ssmm1NyaWTex8f9yrVHnFNM5gPYE
                      Source: 17.2.RegAsm.exe.400000.0.unpack, Client/Settings.csBase64 encoded string: '+LdhvsUs+pw4B71d2iQwVxAbsVN/CI8V5uDe4+8GBQVVA3p3Gjc+xdz/YAfyI5hJiGX1Qc4myvmMJ/w+spH5TQ==', 'Q9Q7PSgZxC8JyyITnfRxL911PUyfaZ4B9LbPmzb+mTt/Hx4JdEAONTuGgnWRwuZpFkFK8zpSe1AiYCl7xj+smQ==', 'SwekYo1ECeuqyYzN9+9SJx43jCQ3iDEuvx8an3VXRZ5VvDwu6r8n7S25x1XQQQHtwNBO8EdlgYpRrR9hxSi3OaDJloHbpfSIX7DAAcqylN8VBzNW6tmZjNKifIL1xwA4LDpbpStyaKERWCs0tsHzPHFUl5kWt8yUwM92eTaBvKMhkHlzxvXcHzlGigD994SD0m1DxsHVtOEkOp13Q9Z3Li/e0abpcfEMTHK4UqVyya09Zq37PU0rpJS3rhyHttYjZqRu4/aysQPq0e6s4B1avfxO0dO4HVdZUQU/FEhl+AZ+n7UJ3Au+H8NclQ/t1Tduui6+i1Zwej8iIp1Tn541nuWtPpBxKSGVGEFu7Dx6/eFT5pYsQVPLh/exGtUzIw3JmwfntfPzHexAEsrF8md/QqpbSwH77xSUhrGItVHFeHSl8Qn58/XiTG/aJP/Tl0FG/VhJWtbgNxWozxdVMu27o19IhfgkHxmssKtHOWua0SR1lhImFUTfwRnDXzHg0pyoMBQVhsL00Y+7npfSGSyX08/8xS0ZCJKgrp2BS3VtcAFZCH1E7AOcLXf50BvkMGbZcIDnqEKOTySfirbIr9tV2FytyGbppML/LOUQvolqbYNC6INHgD3Nqv8YCDPWotuj1BG+Ca6utbQemo+NNqRHET15rUYxtw7pyzIUNsqJnhKfRjKOKi0Db2U6B8sNhWiwNLoFNGv+aQQbEGixQCdlzXiomD0Nkwu/dU7AYoUqlK1Ze1xnGfRm61u+XoWkynj0LMF4Iywewo3n8Fb1u41cijRDsufRt8DTvvGBjILj3MR0n/g5gv4+WSwJpjCOcQBii8Ps3JQHY2IsxhnW9JRxbRJ0g0h9KKFZOJMcewtw7Nji508TbpZZdXvCF176YBMPWkwpoSYpRXMaYM2Kow62560MOfXTj6ijM8a1c5MeuC6G6UKDEQlSfuVFz/b/37BFHqWPFnSetTW3Bmh4cvA5WU/cgh1I1h9v/6InQqIs7ooVK5UYV6ZBnMkKgI0D+BFcOE6YR4K0i5OdvF/+UJG9m8g7zwvniH4jObkSy/HFFOSZIn2rh8omu1d7k4N2Z2lF0yXc+DFhte5S4ggRoOksVK/QtM2nl+c2oOA0SCg2MquzSKF/ZuRaIkH55x4yuRz/alOrgVryfuWwJrNddFeWph32x3ui9V/HFcQg8HZvsRojo/N+DsyBjDBDHaWqH64kz2POlHKHXnpPZbxi7sPze8yb/pL7DK5c4GoeNI2um1X7XG5dcIQXyfObbFEt+A8V8+03DD1lgok7f4gD0RTFZyyT67Hsx+8TPkKBUW2PS83kD+2sGBK/u66SBrO6WxUghpnV/OtaiWBnDGEzn7fGjvWDIhIO9GwLjNnIjXMVpvpN1ZzofYfOHoWqXV2an622TEUWRrf5zdDQsfLv8zvcOCPtUDmS/sfdIKxjovfWfDr2HB7wRZpfJZDZEna+5if6+ExMTMwlwK/mtxR3/q8zsqKNZB/vX97/gvvuVDie2qKbZBLFKVEkZHmRNx6Hcr7MORPFMLinJIIHoyJV5Okih7WJkqj5Vi40EYeXD5QWH5VLL/4xZFNVMVQ4WNejN+MmhVG8Lx4Cb/2vBfCuCxYIuI0Y3ZTGUXRXBK99WzJt8N/rzz/Lmpl8GBxQETqcRxduY6qcfQZYX1Y1ZHSjGjID8Xwb1zMMMfEqca1O27aJnbOMx1HetlFbgZhM/aTkdveZzbNFLTrJRcvpho5wSov/8gZsdxXVnYJ2W0zKgjHfx/VNjxK80bmInIdKLgiqii/oWQD5Bh96/mRKP7lJ2D/jxmGXtAZXZJeCLBRJ8DaQyJ54wn039c4IjazzhWGC11ShaX8eKYIMkYJ6nFUcRukcK3/aTzb6IfKT3djBfrKQIBJGVlRQhXC5hxr14g2pXwkL9uYjwgyVsJqTUmEaFwexPqDO33rm3i7gqWEyVLXnV8MWwOj2/Kzdw+OFf1Dh+VupTTbwleacwaYO4OH4bx3NzBI5xOQ68pBDXi1uJ6pZ+gGlmX+HB2EYMrFBoHxZHLL9J+KpaLAW1zgPdTdOnaDLGzEd9FdCWR298tQIfVNxPAzSO+CDmc4ndtqYl3NZmEW6VwqrGquN4wFNFxEKTmuecdR9AI2BvmDMP6uxHBsybrRlrjhlPDHy70Tc71HQVmsDqu316O7a4VGftIwqQnFR/HfSD8SU0kQoQzV42Am5FsROnV/FYhRuREmYfWhVLektFh4nRiEdCV4cB7soLWyhPwy9PxBmwL4+CS+doBMyTD+o7/R/jv7JqpgrKTEzdfIx', 'ZsgJx/yojFzRDrd6d1tl2e5cG8L3oZ6FmQh1YzpSUxZuEnTP9PYySENFaUa+/t5aAJnTvz9r/LBQI6HkJIYeYZ+Gph0R+QFDexqLOI/DClAOEeH3TYtMVCw+NXxbE28MqTIoKD+7j4sNOiDy672odGSgFtv8zqSn4R1K6wO+o8THWFlHyzZTscYqga2xRhaFBH+SMHvET0AVHKzK1u5ApDlFaXAmTiRECM6Fo/R5+5EApqf/os/nXJz8B4FO1E28opcXSlGgn08ICyzjWlNgMitkZChzISSokP/sGItGCbBiIITmDVRfK0c4JRuR5VuA5a5lfhDwJfcJmzypRsCZOU52k0Jlly5P9QzZG6hy3n3MidxePqODZZ66fA5fLPOCC9uikA+7cvqOy0DqE1dCzcOtKk3dJpOGp2m07xnLKED7SFJruJzz0szpC84SfWmf+dIf4N7UjVX8Z6BE3I1ZVZYXM+K8Q33Ssmm1NyaWTex8f9yrVHnFNM5gPYE
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2132:120:WilError_01
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMutant created: \Sessions\1\BaseNamedObjects\127138ab06d688bf145f78193fb1c3e5
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMutant created: \Sessions\1\BaseNamedObjects\df4Rtg34dFjwr
                      Source: 9JbJZPtaKF.exe, 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp, ct.exe, 0000000B.00000002.311342011.0000000000482000.00000004.00020000.sdmp, ct.exe, 0000000E.00000002.328236678.0000000000482000.00000004.00020000.sdmp, mmybgd.exe, 0000001E.00000002.442651359.0000000000482000.00000004.00020000.sdmpBinary or memory string: @*\AC:\Users\Pc\Desktop\Private Stubs\yaxil suge\ExtendedRTFCode.vbp
                      Source: 9JbJZPtaKF.exe, 00000000.00000000.277536101.0000000000401000.00000020.00020000.sdmp, ct.exe, 0000000B.00000000.306368311.0000000000401000.00000020.00020000.sdmp, ct.exe, 0000000E.00000002.328150567.0000000000401000.00000020.00020000.sdmp, mmybgd.exe, 0000001E.00000000.437697279.0000000000401000.00000020.00020000.sdmp, bg.exe, 00000021.00000002.472166356.0000000000401000.00000020.00020000.sdmpBinary or memory string: /@ H*\AC:\Users\Pc\Desktop\Private Stubs\yaxil suge\ExtendedRTFCode.vbp
                      Source: 9JbJZPtaKF.exeBinary or memory string: H*\AC:\Users\Pc\Desktop\Private Stubs\yaxil suge\ExtendedRTFCode.vbp
                      Source: 9JbJZPtaKF.exeString found in binary or memory: eated to reference specifically\ulnone \par Visual Basic Programmer's Journal \par VB2Max \par PlanetCodeSource \par \fs26 VB-helper\fs24 \par \ul\b Known Code Sources\ulnone\b0 \par \pard\nowidctlpar\fs26 Public Function RichWordOver() As String \pa
                      Source: 9JbJZPtaKF.exeString found in binary or memory: 'Ready-To-Run Visual Basic Algorithms, Second Edition \par 'http://www.vb-helper.com/vba.htm \par modified for class usage by adding Sub \b MouseMove\b0 to the class as it needs to know about X and Y for mouse. \b \par \par \b0 Span Example in VB H
                      Source: Window RecorderWindow detected: More than 3 window changes detected
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                      Source: Binary string: Telemetry.Common.pdb## source: 9JbJZPtaKF.exe, 00000000.00000000.277618427.0000000000487000.00000002.00020000.sdmp, ct.exe, 0000000B.00000003.309143224.0000000002FD6000.00000004.00000001.sdmp, ct.exe, 0000000E.00000002.328247413.0000000000487000.00000002.00020000.sdmp, mmybgd.exe, 0000001E.00000000.437767065.0000000000487000.00000002.00020000.sdmp, bg.exe, 00000021.00000000.460309859.0000000000487000.00000002.00020000.sdmp
                      Source: Binary string: Telemetry.Common.pdb source: 9JbJZPtaKF.exe, 00000000.00000000.277618427.0000000000487000.00000002.00020000.sdmp, ct.exe, 0000000B.00000002.311356379.0000000000487000.00000002.00020000.sdmp, ct.exe, 0000000E.00000002.328247413.0000000000487000.00000002.00020000.sdmp, mmybgd.exe, 0000001E.00000000.437767065.0000000000487000.00000002.00020000.sdmp, bg.exe, 00000021.00000000.460309859.0000000000487000.00000002.00020000.sdmp

                      Data Obfuscation:

                      barindex
                      Suspicious powershell command line foundShow sources
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell ExecutionPolicy Bypass Start-Process -FilePath ''C:\Users\user\AppData\Local\Temp\mmybgd.exe''
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell ExecutionPolicy Bypass Start-Process -FilePath ''C:\Users\user\AppData\Local\Temp\mmybgd.exe'' Jump to behavior
                      .NET source code contains potential unpackerShow sources
                      Source: 4.2.RegAsm.exe.400000.0.unpack, Client/Handle_Packet/Packet.cs.Net Code: Invoke System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
                      Source: 12.2.RegAsm.exe.400000.0.unpack, Client/Handle_Packet/Packet.cs.Net Code: Invoke System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
                      Source: 17.2.RegAsm.exe.400000.0.unpack, Client/Handle_Packet/Packet.cs.Net Code: Invoke System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
                      Source: C:\Users\user\Desktop\9JbJZPtaKF.exeCode function: 0_3_007DA036 push 00000000h; iretd 0_3_007DA27A
                      Source: C:\Users\user\Desktop\9JbJZPtaKF.exeCode function: 0_2_0040BA4D push ebx; iretd 0_2_0040BA4E
                      Source: C:\Users\user\Desktop\9JbJZPtaKF.exeCode function: 0_2_0040BA50 push ebx; iretd 0_2_0040BA5E
                      Source: C:\Users\user\Desktop\9JbJZPtaKF.exeCode function: 0_2_0040BA01 push ebx; iretd 0_2_0040BA3E
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_082F1C92 pushfd ; retf 4_2_082F1C99
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_08308130 push ss; iretd 4_2_08308134
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_083099DA pushfd ; retn 0000h4_2_083099DE
                      Source: C:\Users\user\AppData\Roaming\cf\ct.exeCode function: 11_3_006C9966 push 00000000h; iretd 11_3_006C99CA
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 22_2_0787C591 push cs; iretd 22_2_0787C592
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 22_2_0787A5D1 push es; iretd 22_2_0787A5D2
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 22_2_0787C5EB push cs; iretd 22_2_0787C5F2
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 22_2_0787C521 push cs; iretd 22_2_0787C522
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 22_2_0787C543 push cs; iretd 22_2_0787C54A
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 22_2_0787C540 push cs; iretd 22_2_0787C542
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 22_2_0787E347 push ds; iretd 22_2_0787E34A
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 22_2_0787E19F push ds; iretd 22_2_0787E1A2
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 22_2_07872BAA pushad ; iretd 22_2_07872BB1
                      Source: C:\Users\user\Desktop\9JbJZPtaKF.exeFile created: C:\Users\user\AppData\Roaming\cf\ct.exeJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\mmybgd.exeFile created: C:\Users\user\AppData\Roaming\bp\bg.exeJump to dropped file
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\Local\Temp\mmybgd.exeJump to dropped file

                      Boot Survival:

                      barindex
                      Yara detected AsyncRATShow sources
                      Source: Yara matchFile source: 14.3.ct.exe.739714.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 14.3.ct.exe.739714.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.3.9JbJZPtaKF.exe.7ee9c8.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.3.9JbJZPtaKF.exe.8051e4.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 11.3.ct.exe.6f4934.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.3.9JbJZPtaKF.exe.7ee9c8.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.3.9JbJZPtaKF.exe.8051e4.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 14.3.ct.exe.722ef8.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.3.9JbJZPtaKF.exe.7ee9c8.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 11.3.ct.exe.6de118.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 14.3.ct.exe.722ef8.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 14.3.ct.exe.739714.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 11.3.ct.exe.6f4934.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 17.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 11.3.ct.exe.6f4934.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.3.9JbJZPtaKF.exe.8051e4.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.3.9JbJZPtaKF.exe.8051e4.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.3.9JbJZPtaKF.exe.7ee9c8.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 11.3.ct.exe.6de118.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 11.3.ct.exe.6f4934.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 12.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 14.3.ct.exe.739714.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0000000B.00000003.307140566.00000000006F4000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000E.00000003.325430436.0000000000723000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000B.00000003.306946941.00000000006DF000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.280115518.00000000007EF000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000B.00000003.306899015.00000000006EA000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000E.00000003.327182152.0000000000744000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000E.00000003.325299126.000000000070C000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.544974477.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.280183910.0000000000810000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.278483376.00000000007D7000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000B.00000003.306958807.00000000006FF000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000E.00000003.325371450.0000000000744000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000011.00000002.340503270.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.356231512.00000000061A4000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000E.00000003.325340924.0000000000723000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000E.00000003.327210322.0000000000723000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.278249926.0000000000810000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.278304939.0000000000805000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.554990912.0000000002EE8000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.278201980.00000000007FA000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000B.00000003.308889804.00000000006FF000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000B.00000003.306989450.00000000006DF000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.278470265.0000000000810000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000E.00000003.327236288.0000000000744000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000C.00000002.322158875.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000B.00000003.306923152.00000000006C7000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.278264012.00000000007EF000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000E.00000003.325501534.0000000000739000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.280278807.0000000000810000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000B.00000003.308874401.00000000006DF000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.278240068.00000000007EF000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.278220853.00000000007D7000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000B.00000003.308858373.00000000006FF000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000E.00000003.325118501.000000000072F000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: 9JbJZPtaKF.exe PID: 6972, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 7084, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: ct.exe PID: 4644, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 5916, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: ct.exe PID: 5344, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 6756, type: MEMORYSTR
                      Creates multiple autostart registry keysShow sources
                      Source: C:\Users\user\AppData\Local\Temp\mmybgd.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run bmJump to behavior
                      Source: C:\Users\user\Desktop\9JbJZPtaKF.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run cpJump to behavior
                      Source: C:\Users\user\Desktop\9JbJZPtaKF.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run cpJump to behavior
                      Source: C:\Users\user\Desktop\9JbJZPtaKF.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run cpJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\mmybgd.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run bmJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\mmybgd.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run bmJump to behavior

                      Hooking and other Techniques for Hiding and Protection:

                      barindex
                      Icon mismatch, binary includes an icon from a different legit application in order to fool usersShow sources
                      Source: initial sampleIcon embedded in binary file: icon matches a legit application icon: iconPdf.png
                      Creates files in alternative data streams (ADS)Show sources
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\Local:28-09-2021Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey value created or modified: HKEY_CURRENT_USER\Software\37C355B9F362AD041939 4E47C429C681B3A23CF9BF8CDF60CAB79FBEDDB88B39B406A61CE21097DD7FE6Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                      Source: C:\Users\user\Desktop\9JbJZPtaKF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\9JbJZPtaKF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\9JbJZPtaKF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\9JbJZPtaKF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\cf\ct.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\cf\ct.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\cf\ct.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\cf\ct.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\cf\ct.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\cf\ct.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\cf\ct.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\cf\ct.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\mmybgd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\mmybgd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\mmybgd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\mmybgd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\bp\bg.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\bp\bg.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\bp\bg.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\bp\bg.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\bp\bg.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\bp\bg.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\bp\bg.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\bp\bg.exeProcess information set: NOOPENFILEERRORBOX

                      Malware Analysis System Evasion:

                      barindex
                      Yara detected AntiVM3Show sources
                      Source: Yara matchFile source: Process Memory Space: powershell.exe PID: 720, type: MEMORYSTR
                      Yara detected AsyncRATShow sources
                      Source: Yara matchFile source: 14.3.ct.exe.739714.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 14.3.ct.exe.739714.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.3.9JbJZPtaKF.exe.7ee9c8.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.3.9JbJZPtaKF.exe.8051e4.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 11.3.ct.exe.6f4934.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.3.9JbJZPtaKF.exe.7ee9c8.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.3.9JbJZPtaKF.exe.8051e4.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 14.3.ct.exe.722ef8.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.3.9JbJZPtaKF.exe.7ee9c8.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 11.3.ct.exe.6de118.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 14.3.ct.exe.722ef8.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 14.3.ct.exe.739714.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 11.3.ct.exe.6f4934.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 17.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 11.3.ct.exe.6f4934.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.3.9JbJZPtaKF.exe.8051e4.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.3.9JbJZPtaKF.exe.8051e4.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.3.9JbJZPtaKF.exe.7ee9c8.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 11.3.ct.exe.6de118.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 11.3.ct.exe.6f4934.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 12.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 14.3.ct.exe.739714.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0000000B.00000003.307140566.00000000006F4000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000E.00000003.325430436.0000000000723000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000B.00000003.306946941.00000000006DF000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.280115518.00000000007EF000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000B.00000003.306899015.00000000006EA000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000E.00000003.327182152.0000000000744000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000E.00000003.325299126.000000000070C000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.544974477.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.280183910.0000000000810000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.278483376.00000000007D7000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000B.00000003.306958807.00000000006FF000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000E.00000003.325371450.0000000000744000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000011.00000002.340503270.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.356231512.00000000061A4000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000E.00000003.325340924.0000000000723000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000E.00000003.327210322.0000000000723000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.278249926.0000000000810000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.278304939.0000000000805000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.554990912.0000000002EE8000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.278201980.00000000007FA000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000B.00000003.308889804.00000000006FF000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000B.00000003.306989450.00000000006DF000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.278470265.0000000000810000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000E.00000003.327236288.0000000000744000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000C.00000002.322158875.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000B.00000003.306923152.00000000006C7000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.278264012.00000000007EF000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000E.00000003.325501534.0000000000739000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.280278807.0000000000810000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000B.00000003.308874401.00000000006DF000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.278240068.00000000007EF000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.278220853.00000000007D7000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000B.00000003.308858373.00000000006FF000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000E.00000003.325118501.000000000072F000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: 9JbJZPtaKF.exe PID: 6972, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 7084, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: ct.exe PID: 4644, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 5916, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: ct.exe PID: 5344, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 6756, type: MEMORYSTR
                      Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)Show sources
                      Source: 9JbJZPtaKF.exe, 00000000.00000003.280115518.00000000007EF000.00000004.00000001.sdmp, RegAsm.exe, 00000004.00000002.544974477.0000000000402000.00000040.00000001.sdmp, ct.exe, 0000000B.00000003.307140566.00000000006F4000.00000004.00000001.sdmp, RegAsm.exe, 0000000C.00000002.322158875.0000000000402000.00000040.00000001.sdmp, ct.exe, 0000000E.00000003.325430436.0000000000723000.00000004.00000001.sdmp, RegAsm.exe, 00000011.00000002.340503270.0000000000402000.00000040.00000001.sdmpBinary or memory string: SBIEDLL.DLL
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 3404Thread sleep time: -6456360425798339s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 3404Thread sleep count: 77 > 30Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5476Thread sleep count: 115 > 30Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5476Thread sleep count: 9646 > 30Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6800Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6620Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2144Thread sleep time: -11990383647911201s >= -30000sJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6040Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5060Thread sleep time: -350000s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2276Thread sleep time: -1844674407370954s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 922337203685477
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWindow / User API: threadDelayed 9646Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 943Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 496Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWindow / User API: threadDelayed 952
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWindow / User API: threadDelayed 614
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information queried: ProcessInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 922337203685477
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                      Source: powershell.exe, 00000016.00000002.444912196.0000000004886000.00000004.00000001.sdmpBinary or memory string: Hyper-V
                      Source: RegAsm.exe, 00000011.00000002.340503270.0000000000402000.00000040.00000001.sdmpBinary or memory string: vmware
                      Source: powershell.exe, 00000016.00000002.444344805.00000000046D3000.00000004.00000001.sdmpBinary or memory string: Bm:C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Hyper-V
                      Source: RegAsm.exe, 00000004.00000002.561723054.00000000052F5000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

                      Anti Debugging:

                      barindex
                      Hides threads from debuggersShow sources
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread information set: HideFromDebugger
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread information set: HideFromDebugger
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread information set: HideFromDebugger
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread information set: HideFromDebugger
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread information set: HideFromDebugger
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread information set: HideFromDebugger
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread information set: HideFromDebugger
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread information set: HideFromDebugger
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread information set: HideFromDebugger
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread information set: HideFromDebugger
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread information set: HideFromDebugger
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess token adjusted: Debug
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory allocated: page read and write | page guardJump to behavior

                      HIPS / PFW / Operating System Protection Evasion:

                      barindex
                      Sample uses process hollowing techniqueShow sources
                      Source: C:\Users\user\Desktop\9JbJZPtaKF.exeSection unmapped: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base address: 400000Jump to behavior
                      Source: C:\Users\user\Desktop\9JbJZPtaKF.exeSection unmapped: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base address: 400000Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\cf\ct.exeSection unmapped: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base address: 400000Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\cf\ct.exeSection unmapped: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base address: 400000Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\cf\ct.exeSection unmapped: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base address: 400000Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\mmybgd.exeSection unmapped: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base address: 400000Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\bp\bg.exeSection unmapped: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base address: 400000
                      Source: C:\Users\user\AppData\Roaming\bp\bg.exeSection unmapped: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base address: 400000
                      Source: C:\Users\user\AppData\Roaming\bp\bg.exeSection unmapped: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base address: 400000
                      Source: C:\Users\user\AppData\Roaming\bp\bg.exeSection unmapped: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base address: 400000
                      Source: C:\Users\user\AppData\Roaming\bp\bg.exeSection unmapped: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base address: 400000
                      Source: C:\Users\user\AppData\Roaming\bp\bg.exeSection unmapped: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base address: 400000
                      Source: C:\Users\user\AppData\Roaming\bp\bg.exeSection unmapped: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base address: 400000
                      Writes to foreign memory regionsShow sources
                      Source: C:\Users\user\Desktop\9JbJZPtaKF.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000Jump to behavior
                      Source: C:\Users\user\Desktop\9JbJZPtaKF.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: CAB008Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\cf\ct.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\cf\ct.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: F49008Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\cf\ct.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\cf\ct.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 8D8008Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\mmybgd.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\mmybgd.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: A80008Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\bp\bg.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000
                      Source: C:\Users\user\AppData\Roaming\bp\bg.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: F4B008
                      Bypasses PowerShell execution policyShow sources
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell ExecutionPolicy Bypass Start-Process -FilePath ''C:\Users\user\AppData\Local\Temp\mmybgd.exe''
                      Allocates memory in foreign processesShow sources
                      Source: C:\Users\user\Desktop\9JbJZPtaKF.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and writeJump to behavior
                      Source: C:\Users\user\AppData\Roaming\cf\ct.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and writeJump to behavior
                      Source: C:\Users\user\AppData\Roaming\cf\ct.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and writeJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\mmybgd.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and writeJump to behavior
                      Source: C:\Users\user\AppData\Roaming\bp\bg.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write
                      Injects a PE file into a foreign processesShow sources
                      Source: C:\Users\user\Desktop\9JbJZPtaKF.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5AJump to behavior
                      Source: C:\Users\user\AppData\Roaming\cf\ct.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5AJump to behavior
                      Source: C:\Users\user\AppData\Roaming\cf\ct.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5AJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\mmybgd.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5AJump to behavior
                      Source: C:\Users\user\AppData\Roaming\bp\bg.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A
                      Source: C:\Users\user\Desktop\9JbJZPtaKF.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeJump to behavior
                      Source: C:\Users\user\Desktop\9JbJZPtaKF.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /c start /b powershell ExecutionPolicy Bypass Start-Process -FilePath ''C:\Users\user\AppData\Local\Temp\mmybgd.exe'' & exitJump to behavior
                      Source: C:\Users\user\AppData\Roaming\cf\ct.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeJump to behavior
                      Source: C:\Users\user\AppData\Roaming\cf\ct.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeJump to behavior
                      Source: C:\Users\user\AppData\Roaming\cf\ct.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell ExecutionPolicy Bypass Start-Process -FilePath ''C:\Users\user\AppData\Local\Temp\mmybgd.exe'' Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Local\Temp\mmybgd.exe 'C:\Users\user\AppData\Local\Temp\mmybgd.exe' Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\mmybgd.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeJump to behavior
                      Source: C:\Users\user\AppData\Roaming\bp\bg.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                      Source: C:\Users\user\AppData\Roaming\bp\bg.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                      Source: C:\Users\user\AppData\Roaming\bp\bg.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                      Source: C:\Users\user\AppData\Roaming\bp\bg.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                      Source: C:\Users\user\AppData\Roaming\bp\bg.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                      Source: C:\Users\user\AppData\Roaming\bp\bg.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                      Source: C:\Users\user\AppData\Roaming\bp\bg.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                      Source: RegAsm.exe, 00000004.00000003.410300499.00000000061F8000.00000004.00000001.sdmp, RegAsm.exe, 0000001F.00000002.556205526.0000000001370000.00000002.00020000.sdmpBinary or memory string: Program Manager
                      Source: RegAsm.exe, 00000004.00000002.554377329.00000000016E0000.00000002.00020000.sdmp, RegAsm.exe, 0000001F.00000002.556205526.0000000001370000.00000002.00020000.sdmpBinary or memory string: Shell_TrayWnd
                      Source: RegAsm.exe, 00000004.00000002.554377329.00000000016E0000.00000002.00020000.sdmp, RegAsm.exe, 0000001F.00000002.556205526.0000000001370000.00000002.00020000.sdmpBinary or memory string: Progman
                      Source: RegAsm.exe, 00000004.00000002.554377329.00000000016E0000.00000002.00020000.sdmp, RegAsm.exe, 0000001F.00000002.556205526.0000000001370000.00000002.00020000.sdmpBinary or memory string: Progmanlock
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                      Lowering of HIPS / PFW / Operating System Security Settings:

                      barindex
                      Yara detected AsyncRATShow sources
                      Source: Yara matchFile source: 14.3.ct.exe.739714.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 14.3.ct.exe.739714.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.3.9JbJZPtaKF.exe.7ee9c8.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.3.9JbJZPtaKF.exe.8051e4.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 11.3.ct.exe.6f4934.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.3.9JbJZPtaKF.exe.7ee9c8.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.3.9JbJZPtaKF.exe.8051e4.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 14.3.ct.exe.722ef8.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.3.9JbJZPtaKF.exe.7ee9c8.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 11.3.ct.exe.6de118.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 14.3.ct.exe.722ef8.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 14.3.ct.exe.739714.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 11.3.ct.exe.6f4934.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 17.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 11.3.ct.exe.6f4934.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.3.9JbJZPtaKF.exe.8051e4.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.3.9JbJZPtaKF.exe.8051e4.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.3.9JbJZPtaKF.exe.7ee9c8.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 11.3.ct.exe.6de118.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 11.3.ct.exe.6f4934.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 12.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 14.3.ct.exe.739714.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0000000B.00000003.307140566.00000000006F4000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000E.00000003.325430436.0000000000723000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000B.00000003.306946941.00000000006DF000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.280115518.00000000007EF000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000B.00000003.306899015.00000000006EA000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000E.00000003.327182152.0000000000744000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000E.00000003.325299126.000000000070C000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.544974477.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.280183910.0000000000810000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.278483376.00000000007D7000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000B.00000003.306958807.00000000006FF000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000E.00000003.325371450.0000000000744000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000011.00000002.340503270.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.356231512.00000000061A4000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000E.00000003.325340924.0000000000723000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000E.00000003.327210322.0000000000723000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.278249926.0000000000810000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.278304939.0000000000805000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.554990912.0000000002EE8000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.278201980.00000000007FA000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000B.00000003.308889804.00000000006FF000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000B.00000003.306989450.00000000006DF000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.278470265.0000000000810000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000E.00000003.327236288.0000000000744000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000C.00000002.322158875.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000B.00000003.306923152.00000000006C7000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.278264012.00000000007EF000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000E.00000003.325501534.0000000000739000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.280278807.0000000000810000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000B.00000003.308874401.00000000006DF000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.278240068.00000000007EF000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.278220853.00000000007D7000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000B.00000003.308858373.00000000006FF000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000E.00000003.325118501.000000000072F000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: 9JbJZPtaKF.exe PID: 6972, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 7084, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: ct.exe PID: 4644, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 5916, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: ct.exe PID: 5344, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 6756, type: MEMORYSTR
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

                      Stealing of Sensitive Information:

                      barindex
                      Yara detected BitRATShow sources
                      Source: Yara matchFile source: 31.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 41.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 37.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 31.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 41.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 37.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0000001F.00000002.544923977.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000025.00000002.476289404.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000021.00000003.462953448.00000000034F0000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000029.00000002.491911455.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 4676, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: bg.exe PID: 6184, type: MEMORYSTR

                      Remote Access Functionality:

                      barindex
                      Yara detected BitRATShow sources
                      Source: Yara matchFile source: 31.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 41.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 37.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 31.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 41.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 37.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0000001F.00000002.544923977.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000025.00000002.476289404.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000021.00000003.462953448.00000000034F0000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000029.00000002.491911455.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 4676, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: bg.exe PID: 6184, type: MEMORYSTR

                      Mitre Att&ck Matrix

                      Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                      Valid AccountsWindows Management Instrumentation1DLL Side-Loading1DLL Side-Loading1Disable or Modify Tools1Input Capture2File and Directory Discovery1Remote ServicesArchive Collected Data11Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                      Default AccountsShared Modules1Scheduled Task/Job1Process Injection412Obfuscated Files or Information121LSASS MemorySystem Information Discovery13Remote Desktop ProtocolInput Capture2Exfiltration Over BluetoothNon-Standard Port1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                      Domain AccountsCommand and Scripting Interpreter2Registry Run Keys / Startup Folder11Scheduled Task/Job1Software Packing11Security Account ManagerQuery Registry1SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationSteganographyExploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                      Local AccountsScheduled Task/Job1Logon Script (Mac)Registry Run Keys / Startup Folder11DLL Side-Loading1NTDSSecurity Software Discovery311Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
                      Cloud AccountsPowerShell2Network Logon ScriptNetwork Logon ScriptMasquerading11LSA SecretsProcess Discovery2SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
                      Replication Through Removable MediaLaunchdRc.commonRc.commonModify Registry1Cached Domain CredentialsVirtualization/Sandbox Evasion121VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                      External Remote ServicesScheduled TaskStartup ItemsStartup ItemsVirtualization/Sandbox Evasion121DCSyncApplication Window Discovery1Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
                      Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobProcess Injection412Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
                      Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)NTFS File Attributes1/etc/passwd and /etc/shadowSystem Network Connections DiscoverySoftware Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction

                      Behavior Graph

                      Hide Legend

                      Legend:

                      • Process
                      • Signature
                      • Created File
                      • DNS/IP Info
                      • Is Dropped
                      • Is Windows Process
                      • Number of created Registry Values
                      • Number of created Files
                      • Visual Basic
                      • Delphi
                      • Java
                      • .Net C# or VB.NET
                      • C, C++ or other language
                      • Is malicious
                      • Internet
                      behaviorgraph top1 signatures2 2 Behavior Graph ID: 491916 Sample: 9JbJZPtaKF.exe Startdate: 28/09/2021 Architecture: WINDOWS Score: 100 74 Icon mismatch, binary includes an icon from a different legit application in order to fool users 2->74 76 Multi AV Scanner detection for submitted file 2->76 78 Yara detected BitRAT 2->78 80 8 other signatures 2->80 10 9JbJZPtaKF.exe 1 2 2->10         started        14 ct.exe 2->14         started        16 bg.exe 2->16         started        18 2 other processes 2->18 process3 file4 62 C:\Users\user\AppData\Roaming\cf\ct.exe, PE32 10->62 dropped 90 Creates multiple autostart registry keys 10->90 92 Writes to foreign memory regions 10->92 94 Allocates memory in foreign processes 10->94 20 RegAsm.exe 1 4 10->20         started        24 RegAsm.exe 10->24         started        96 Multi AV Scanner detection for dropped file 14->96 98 Machine Learning detection for dropped file 14->98 100 Sample uses process hollowing technique 14->100 26 RegAsm.exe 3 14->26         started        102 Injects a PE file into a foreign processes 16->102 28 RegAsm.exe 16->28         started        37 2 other processes 16->37 31 RegAsm.exe 18->31         started        33 RegAsm.exe 2 18->33         started        35 RegAsm.exe 18->35         started        39 3 other processes 18->39 signatures5 process6 dnsIp7 64 185.157.160.136, 1973, 1975, 49749 OBE-EUROPEObenetworkEuropeSE Sweden 20->64 60 C:\Users\user\AppData\Local\Temp\mmybgd.exe, PE32 20->60 dropped 41 cmd.exe 1 20->41         started        104 Hides threads from debuggers 31->104 file8 signatures9 process10 signatures11 86 Suspicious powershell command line found 41->86 88 Bypasses PowerShell execution policy 41->88 44 powershell.exe 14 41->44         started        46 conhost.exe 41->46         started        process12 process13 48 mmybgd.exe 1 2 44->48         started        file14 56 C:\Users\user\AppData\Roaming\bp\bg.exe, PE32 48->56 dropped 66 Machine Learning detection for dropped file 48->66 68 Creates multiple autostart registry keys 48->68 70 Writes to foreign memory regions 48->70 72 3 other signatures 48->72 52 RegAsm.exe 3 48->52         started        signatures15 process16 file17 58 C:\Users\user\AppData\Local:28-09-2021, ASCII 52->58 dropped 82 Creates files in alternative data streams (ADS) 52->82 84 Hides threads from debuggers 52->84 signatures18

                      Screenshots

                      Thumbnails

                      This section contains all screenshots as thumbnails, including those not shown in the slideshow.

                      windows-stand

                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

                      SourceDetectionScannerLabelLink
                      9JbJZPtaKF.exe35%VirustotalBrowse
                      9JbJZPtaKF.exe100%Joe Sandbox ML

                      Dropped Files

                      SourceDetectionScannerLabelLink
                      C:\Users\user\AppData\Roaming\bp\bg.exe100%Joe Sandbox ML
                      C:\Users\user\AppData\Roaming\cf\ct.exe100%Joe Sandbox ML
                      C:\Users\user\AppData\Local\Temp\mmybgd.exe100%Joe Sandbox ML
                      C:\Users\user\AppData\Roaming\cf\ct.exe40%ReversingLabsWin32.Trojan.Sabsik

                      Unpacked PE Files

                      SourceDetectionScannerLabelLinkDownload
                      14.3.ct.exe.739714.1.unpack100%AviraHEUR/AGEN.1110362Download File
                      0.3.9JbJZPtaKF.exe.8051e4.1.unpack100%AviraHEUR/AGEN.1110362Download File
                      14.3.ct.exe.739714.2.unpack100%AviraHEUR/AGEN.1110362Download File
                      37.2.RegAsm.exe.400000.0.unpack100%AviraHEUR/AGEN.1140205Download File
                      41.2.RegAsm.exe.400000.0.unpack100%AviraHEUR/AGEN.1140205Download File
                      31.2.RegAsm.exe.400000.0.unpack100%AviraHEUR/AGEN.1140205Download File
                      4.2.RegAsm.exe.400000.0.unpack100%AviraTR/Dropper.GenDownload File
                      11.3.ct.exe.6f4934.2.unpack100%AviraHEUR/AGEN.1110362Download File
                      0.3.9JbJZPtaKF.exe.8051e4.2.unpack100%AviraHEUR/AGEN.1110362Download File
                      11.3.ct.exe.6f4934.1.unpack100%AviraHEUR/AGEN.1110362Download File
                      17.2.RegAsm.exe.400000.0.unpack100%AviraTR/Dropper.GenDownload File
                      12.2.RegAsm.exe.400000.0.unpack100%AviraTR/Dropper.GenDownload File

                      Domains

                      No Antivirus matches

                      URLs

                      SourceDetectionScannerLabelLink
                      http://pesterbdd.com/images/Pester.png0%URL Reputationsafe
                      http://schemas.microsof0%URL Reputationsafe
                      https://contoso.com/0%URL Reputationsafe
                      https://contoso.com/License0%URL Reputationsafe
                      https://contoso.com/Icon0%URL Reputationsafe

                      Domains and IPs

                      Contacted Domains

                      No contacted domains info

                      URLs from Memory and Binaries

                      NameSourceMaliciousAntivirus DetectionReputation
                      http://nuget.org/NuGet.exepowershell.exe, 00000016.00000002.446314129.00000000055F4000.00000004.00000001.sdmpfalse
                        		high
                        http://www.vb-helper.com/vba.htm9JbJZPtaKF.exe, 9JbJZPtaKF.exe, 00000000.00000000.277536101.0000000000401000.00000020.00020000.sdmp, RegAsm.exe, 00000004.00000002.558074837.00000000042E7000.00000004.00000001.sdmp, ct.exe, 0000000B.00000000.306368311.0000000000401000.00000020.00020000.sdmp, ct.exe, 0000000E.00000002.328150567.0000000000401000.00000020.00020000.sdmp, mmybgd.exe, 0000001E.00000000.437697279.0000000000401000.00000020.00020000.sdmp, bg.exe, 00000021.00000002.472166356.0000000000401000.00000020.00020000.sdmpfalse
                          		high
                          http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000016.00000002.444344805.00000000046D3000.00000004.00000001.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameRegAsm.exe, 00000004.00000002.554885816.0000000002EB1000.00000004.00000001.sdmp, powershell.exe, 00000016.00000002.443919743.0000000004591000.00000004.00000001.sdmpfalse
                            		high
                            http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000016.00000002.444344805.00000000046D3000.00000004.00000001.sdmpfalse
                              		high
                              https://github.com/Pester/Pesterpowershell.exe, 00000016.00000002.444344805.00000000046D3000.00000004.00000001.sdmpfalse
                                		high
                                http://schemas.microsofct.exefalse
                                • URL Reputation: safe
                                		unknown
                                https://curl.haxx.se/docs/http-cookies.htmlRegAsm.exe, 0000001F.00000002.544923977.0000000000400000.00000040.00000001.sdmp, bg.exe, 00000021.00000003.462953448.00000000034F0000.00000004.00000001.sdmpfalse
                                  		high
                                  https://contoso.com/powershell.exe, 00000016.00000002.446314129.00000000055F4000.00000004.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  https://nuget.org/nuget.exepowershell.exe, 00000016.00000002.446314129.00000000055F4000.00000004.00000001.sdmpfalse
                                    		high
                                    https://contoso.com/Licensepowershell.exe, 00000016.00000002.446314129.00000000055F4000.00000004.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    https://contoso.com/Iconpowershell.exe, 00000016.00000002.446314129.00000000055F4000.00000004.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown

                                    Contacted IPs

                                    • No. of IPs < 25%
                                    • 25% < No. of IPs < 50%
                                    • 50% < No. of IPs < 75%
                                    • 75% < No. of IPs

                                    Public

                                    IPDomainCountryFlagASNASN NameMalicious
                                    185.157.160.136
                                    		unknownSweden
                                    		197595OBE-EUROPEObenetworkEuropeSEtrue

                                    General Information

                                    Joe Sandbox Version:33.0.0 White Diamond
                                    Analysis ID:491916
                                    Start date:28.09.2021
                                    Start time:07:22:16
                                    Joe Sandbox Product:CloudBasic
                                    Overall analysis duration:0h 14m 7s
                                    Hypervisor based Inspection enabled:false
                                    Report type:full
                                    Sample file name:9JbJZPtaKF.exe
                                    Cookbook file name:default.jbs
                                    Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                    Number of analysed new started processes analysed:44
                                    Number of new started drivers analysed:0
                                    Number of existing processes analysed:0
                                    Number of existing drivers analysed:0
                                    Number of injected processes analysed:0
                                    Technologies:
                                    • HCA enabled
                                    • EGA enabled
                                    • HDC enabled
                                    • AMSI enabled
                                    Analysis Mode:default
                                    Analysis stop reason:Timeout
                                    Detection:MAL
                                    Classification:mal100.troj.evad.winEXE@38/9@0/1
                                    EGA Information:Failed
                                    HDC Information:Failed
                                    HCA Information:
                                    • Successful, ratio: 92%
                                    • Number of executed functions: 16
                                    • Number of non-executed functions: 280
                                    Cookbook Comments:
                                    • Adjust boot time
                                    • Enable AMSI
                                    • Found application associated with file extension: .exe
                                    Warnings:
                                    Show All
                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe
                                    • Excluded IPs from analysis (whitelisted): 23.211.6.115, 20.82.209.183, 20.54.110.249, 40.112.88.60, 173.222.108.226, 173.222.108.210, 93.184.221.240, 8.248.115.254, 8.248.147.254, 8.238.85.254, 8.248.119.254, 8.248.139.254, 20.199.120.182, 80.67.82.211, 80.67.82.235, 20.199.120.151, 20.82.210.154
                                    • Excluded domains from analysis (whitelisted): fg.download.windowsupdate.com.c.footprint.net, store-images.s-microsoft.com-c.edgekey.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, a767.dspw65.akamai.net, a1449.dscg2.akamai.net, arc.msn.com, wu.azureedge.net, e12564.dspb.akamaiedge.net, wns.notify.trafficmanager.net, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, iris-de-prod-azsc-neu.northeurope.cloudapp.azure.com, client.wns.windows.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, wu.ec.azureedge.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ris-prod.trafficmanager.net, wu-shim.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, ctldl.windowsupdate.com, download.windowsupdate.com.edgesuite.net, ris.api.iris.microsoft.com, store-images.s-microsoft.com, displaycatalog-rp.md.mp.microsoft.com.akadns.net
                                    • Not all processes where analyzed, report is missing behavior information
                                    • Report creation exceeded maximum time and may have missing disassembly code information.
                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                    • Report size exceeded maximum capacity and may have missing disassembly code.
                                    • Report size exceeded maximum capacity and may have missing network information.
                                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                    • Report size getting too big, too many NtQueryValueKey calls found.

                                    Simulations

                                    Behavior and APIs

                                    TimeTypeDescription
                                    07:23:12AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run cp C:\Users\user\AppData\Roaming\cf\ct.exe
                                    07:23:20AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run cp C:\Users\user\AppData\Roaming\cf\ct.exe
                                    07:24:14API Interceptor26x Sleep call for process: powershell.exe modified
                                    07:24:24AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run bm C:\Users\user\AppData\Roaming\bp\bg.exe
                                    07:24:27API Interceptor379x Sleep call for process: RegAsm.exe modified
                                    07:24:32AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run bm C:\Users\user\AppData\Roaming\bp\bg.exe

                                    Joe Sandbox View / Context

                                    IPs

                                    No context

                                    Domains

                                    No context

                                    ASN

                                    No context

                                    JA3 Fingerprints

                                    No context

                                    Dropped Files

                                    No context

                                    Created / dropped Files

                                    C:\Users\user\AppData\Local:28-09-2021
                                    Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                    File Type:ASCII text, with no line terminators
                                    Category:dropped
                                    Size (bytes):128
                                    Entropy (8bit):4.936164137895121
                                    Encrypted:false
                                    SSDEEP:3:itC+AgK4mH8ogt03wrH8ogt0tJlZpKDBWJln:ioDgYH8ogt1vgtoppSc3
                                    MD5:F272081EB6D5BDF88A7CDDE29E8AC150
                                    SHA1:EB718AB1BE89F9EB73AC8F1A19D82157DC6E309F
                                    SHA-256:078B6A10730E390E9D44581EA9948AD370D0FC9615EC9598AFEAFF412B6A1CAD
                                    SHA-512:90AA2580785EB0F867D92356D97807759A2CC509ED898B50F9EEAFEF1696D857D55FA997F2ADC6BB5BE319F6B207CEC4E24E9D436FA842C1453883A10B3E1A89
                                    Malicious:true
                                    Reputation:unknown
                                    Preview: <block><data>CkNsaXBib2FyZCBkYXRhOiBbQ0xJUEJPQVJEX1NUQVJUXTBbQ0xJUEJPQVJEX0VORF0K</data></block><block><data>cg==</data></block>
                                    C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RegAsm.exe.log
                                    Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                    File Type:ASCII text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):425
                                    Entropy (8bit):5.340009400190196
                                    Encrypted:false
                                    SSDEEP:12:Q3La/KDLI4MWuPk21OKbbDLI4MWuPJKiUrRZ9I0ZKhav:ML9E4Ks2wKDE4KhK3VZ9pKhk
                                    MD5:CC144808DBAF00E03294347EADC8E779
                                    SHA1:A3434FC71BA82B7512C813840427C687ADDB5AEA
                                    SHA-256:3FC7B9771439E777A8F8B8579DD499F3EB90859AD30EFD8A765F341403FC7101
                                    SHA-512:A4F9EB98200BCAF388F89AABAF7EA57661473687265597B13192C24F06638C6339A3BD581DF4E002F26EE1BA09410F6A2BBDB4DA0CD40B59D63A09BAA1AADD3D
                                    Malicious:false
                                    Reputation:unknown
                                    Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..
                                    C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):16444
                                    Entropy (8bit):5.57046790718648
                                    Encrypted:false
                                    SSDEEP:384:dt9HXJTXEnrm6RpSBKnEul6SE7Y9gbprcQTDYZy:IRp4KEuljcxRTEI
                                    MD5:9C5740419512622E220DE5BBAF6FA1EC
                                    SHA1:0EAE04DCFA63BB866F7ECFFF9126338A96A26F33
                                    SHA-256:E3800672313D0EC981794F8F0E9E4487EE4704FBBE63006CCC317A9A7DCCD32C
                                    SHA-512:9E15658FEA652B440D51C183F95D90DC8FACFA6F56A9DC7026BB1E4F72A4D07AE023A8F82FFE93E9B6ACD3348AB5D1F5B1A7C84263036296796C0DFA73E93A0B
                                    Malicious:false
                                    Reputation:unknown
                                    Preview: @...e.......................?.7.7.......%............@..........H...............<@.^.L."My...:'..... .Microsoft.PowerShell.ConsoleHostD...............fZve...F.....x.)s.......System.Management.Automation4...............[...{a.C..%6..h.........System.Core.0...............G-.o...A...4B..........System..4................Zg5..:O..g..q..........System.Xml..L...............7.....J@......~.......#.Microsoft.Management.Infrastructure.8................'....L..}............System.Numerics.@................Lo...QN......<Q........System.DirectoryServices<................H..QN.Y.f............System.Management...4....................].D.E.....#.......System.Data.H................. ....H..m)aUu.........Microsoft.PowerShell.Security...<.................~.[L.D.Z.>..m.........System.Transactions.<................):gK..G...$.1.q........System.ConfigurationP...............-K..s.F..*.]`.,......(.Microsoft.PowerShell.Commands.ManagementD..................-.D.F.<;.nt.1........System.Configuration.Ins
                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wp4lsxaf.jau.ps1
                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                    File Type:very short file (no magic)
                                    Category:dropped
                                    Size (bytes):1
                                    Entropy (8bit):0.0
                                    Encrypted:false
                                    SSDEEP:3:U:U
                                    MD5:C4CA4238A0B923820DCC509A6F75849B
                                    SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                    SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                    SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                    Malicious:false
                                    Reputation:unknown
                                    Preview: 1
                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yyk0woll.01u.psm1
                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                    File Type:very short file (no magic)
                                    Category:dropped
                                    Size (bytes):1
                                    Entropy (8bit):0.0
                                    Encrypted:false
                                    SSDEEP:3:U:U
                                    MD5:C4CA4238A0B923820DCC509A6F75849B
                                    SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                    SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                    SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                    Malicious:false
                                    Reputation:unknown
                                    Preview: 1
                                    C:\Users\user\AppData\Local\Temp\mmybgd.exe
                                    Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):4731304
                                    Entropy (8bit):7.880890582164195
                                    Encrypted:false
                                    SSDEEP:98304:YC2pE1Qeauo7Bnr3VGKkN2YxQ6BmvS4KB0hUXTMpJgGFwN6bmNNuRhEt:YC2pEieC7BL2Cvsah/pJgTN6bmNkDEt
                                    MD5:BDC628B212725C5FD4287591393CB44E
                                    SHA1:AE1D2F0C1480C0CBD02703D41AE76C36FC011BE8
                                    SHA-256:78F869F3203033C6B2D25C30D545F8BB6D701357B4D870E2707F92A68790DCE9
                                    SHA-512:6EDCA221CCC9DB764A88898CA1AA7FF6C3E50C4720321EA59C811D7876749428AEF9261486F7AC7B1D6C0DDEFA1B6399A105449885C7D20CA591CA3645A1FADD
                                    Malicious:true
                                    Antivirus:
                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                    Reputation:unknown
                                    Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................w...................Rich............PE..L.....Oa..................... .......4....... ....@..........................@.......6H.....................................T...(....p......................................................................(... .......d............................text............................... ..`.data...HJ... ....... ..............@....rsrc........p.......0..............@..@..^............MSVBVM60.DLL....................................................................................................................................................................................................................................................................................................................................................................................................................................
                                    C:\Users\user\AppData\Roaming\bp\bg.exe
                                    Process:C:\Users\user\AppData\Local\Temp\mmybgd.exe
                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):4731304
                                    Entropy (8bit):7.880890582164195
                                    Encrypted:false
                                    SSDEEP:98304:YC2pE1Qeauo7Bnr3VGKkN2YxQ6BmvS4KB0hUXTMpJgGFwN6bmNNuRhEt:YC2pEieC7BL2Cvsah/pJgTN6bmNkDEt
                                    MD5:BDC628B212725C5FD4287591393CB44E
                                    SHA1:AE1D2F0C1480C0CBD02703D41AE76C36FC011BE8
                                    SHA-256:78F869F3203033C6B2D25C30D545F8BB6D701357B4D870E2707F92A68790DCE9
                                    SHA-512:6EDCA221CCC9DB764A88898CA1AA7FF6C3E50C4720321EA59C811D7876749428AEF9261486F7AC7B1D6C0DDEFA1B6399A105449885C7D20CA591CA3645A1FADD
                                    Malicious:true
                                    Antivirus:
                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                    Reputation:unknown
                                    Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................w...................Rich............PE..L.....Oa..................... .......4....... ....@..........................@.......6H.....................................T...(....p......................................................................(... .......d............................text............................... ..`.data...HJ... ....... ..............@....rsrc........p.......0..............@..@..^............MSVBVM60.DLL....................................................................................................................................................................................................................................................................................................................................................................................................................................
                                    C:\Users\user\AppData\Roaming\cf\ct.exe
                                    Process:C:\Users\user\Desktop\9JbJZPtaKF.exe
                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):666024
                                    Entropy (8bit):6.300855326189978
                                    Encrypted:false
                                    SSDEEP:6144:Xsh7P4K387yYg9ihPBJ1G08ozfjqXXTewGJX/MHeKPwE+8sS6rU8jcxJ8:8h7l38OKJBWkzfwS/M+KGtLHX
                                    MD5:133C10454108AA86301F79A03AA24046
                                    SHA1:21439179CB8700406D57332079AB311D08B0C9BF
                                    SHA-256:DE0CB500125D733BECBDEB53CF7B3F1BACE4DC91E54805007718970124EF6797
                                    SHA-512:8B2A492A5732C89C2E347270E9B1DF4DB26B79FEFD6FEAE115B35A22B0851C7973FB0ECC9B6C6187791BF720D71A7B69374D81ABF63F0ED73FAED4EFBEE79FBE
                                    Malicious:true
                                    Antivirus:
                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                    • Antivirus: ReversingLabs, Detection: 40%
                                    Reputation:unknown
                                    Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................w...................Rich............PE..L.....Oa.............................4....... ....@.................................Z.......................................T...(....p...3..................................................................(... .......d............................text............................... ..`.data...HJ... ....... ..............@....rsrc....3...p...@...0..............@..@..^............MSVBVM60.DLL....................................................................................................................................................................................................................................................................................................................................................................................................................................
                                    C:\Users\user\Documents\20210928\PowerShell_transcript.088753.vlQ_yutw.20210928072352.txt
                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                    File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):1023
                                    Entropy (8bit):5.163353160334551
                                    Encrypted:false
                                    SSDEEP:24:BxSA45xvBnVvx2DOXVVoWdeW9HjeTKKjX4CIym1ZJXUPVoWdfnxSAZ3:BZovhVvoOFGu9qDYB1Z2PGUZZ3
                                    MD5:6A130F3DDD89490FE85813ED0C44A58F
                                    SHA1:34FEEAA9FA7E877B4FE3ED5380FF6F9F84A56AC9
                                    SHA-256:81FFC9EA5A3E0F3D7F2ECDAA463259A4A39EA6190375892D90A8DBB35D82E1AC
                                    SHA-512:3B611F782E322C40274ADA7F938E16401BFCEB6DB861F2F700CBE40C0ABB5C89CF4ECEAD67357FF456C82469089CE1DD7160E54CD99F3878083F1D7FBD521D97
                                    Malicious:false
                                    Reputation:unknown
                                    Preview: .**********************..Windows PowerShell transcript start..Start time: 20210928072409..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 088753 (Microsoft Windows NT 10.0.17134.0)..Host Application: powershell .ExecutionPolicy Bypass Start-Process -FilePath 'C:\Users\user\AppData\Local\Temp\mmybgd.exe'..Process ID: 720..PSVersion: 5.1.17134.1..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.1..BuildVersion: 10.0.17134.1..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..**********************..**********************..Command start time: 20210928072409..**********************..PS>Start-Process -FilePath 'C:\Users\user\AppData\Local\Temp\mmybgd.exe'..**********************..Command start time: 20210928072740..**********************..PS>$global:?..True..**********************..Windows PowerShell transcript end..End time: 20210928072740..*

                                    Static File Info

                                    General

                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                    Entropy (8bit):6.300855326189978
                                    TrID:
                                    • Win32 Executable (generic) a (10002005/4) 98.72%
                                    • Win32 Executable Microsoft Visual Basic 6 (82127/2) 0.81%
                                    • InstallShield setup (43055/19) 0.42%
                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                    • DOS Executable Generic (2002/1) 0.02%
                                    File name:9JbJZPtaKF.exe
                                    File size:666024
                                    MD5:133c10454108aa86301f79a03aa24046
                                    SHA1:21439179cb8700406d57332079ab311d08b0c9bf
                                    SHA256:de0cb500125d733becbdeb53cf7b3f1bace4dc91e54805007718970124ef6797
                                    SHA512:8b2a492a5732c89c2e347270e9b1df4db26b79fefd6feae115b35a22b0851c7973fb0ecc9b6c6187791bf720d71a7b69374d81abf63f0ed73faed4efbee79fbe
                                    SSDEEP:6144:Xsh7P4K387yYg9ihPBJ1G08ozfjqXXTewGJX/MHeKPwE+8sS6rU8jcxJ8:8h7l38OKJBWkzfwS/M+KGtLHX
                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................w.......................Rich............PE..L.....Oa.............................4....... ....@................

                                    File Icon

                                    Icon Hash:ecccccd4d4e8e096

                                    Static PE Info

                                    General

                                    Entrypoint:0x4034f0
                                    Entrypoint Section:.text
                                    Digitally signed:false
                                    Imagebase:0x400000
                                    Subsystem:windows gui
                                    Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                    DLL Characteristics:
                                    Time Stamp:0x614F12F6 [Sat Sep 25 12:15:50 2021 UTC]
                                    TLS Callbacks:
                                    CLR (.Net) Version:
                                    OS Version Major:4
                                    OS Version Minor:0
                                    File Version Major:4
                                    File Version Minor:0
                                    Subsystem Version Major:4
                                    Subsystem Version Minor:0
                                    Import Hash:835f485ca718411734d873f35af1695e

                                    Entrypoint Preview

                                    Instruction
                                    push 00405380h
                                    call 00007F5650801D45h
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    xor byte ptr [eax], al
                                    add byte ptr [eax], al
                                    inc eax
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [esp+esi], al
                                    cmp bh, byte ptr [esp+edx*2-4Fh]
                                    xlatb
                                    dec eax
                                    xchg eax, esp
                                    add al, 23h
                                    push ebx
                                    push edi
                                    sbb byte ptr [eax-25h], ah
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add dword ptr [eax], eax
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    inc ebp
                                    js 00007F5650801DC6h
                                    outsb
                                    push edx
                                    push esp
                                    inc esi
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    dec esp
                                    xor dword ptr [eax], eax
                                    add dh, byte ptr [esi+79h]
                                    mov esp, 58F30642h
                                    dec edx
                                    call far 6BBAh : 59928696h
                                    je 00007F5650801D9Dh
                                    bound eax, dword ptr [esi]
                                    movsd
                                    or dword ptr [ecx], edi
                                    inc esi
                                    popfd
                                    out 63h, eax
                                    mov al, byte ptr [72A2B5BAh]
                                    dec edi
                                    lodsd
                                    xor ebx, dword ptr [ecx-48EE309Ah]
                                    or al, 00h
                                    stosb
                                    add byte ptr [eax-2Dh], ah
                                    xchg eax, ebx
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    mov bh, 1Ah
                                    add byte ptr [eax], al
                                    jnp 00007F5650801D6Ch
                                    add byte ptr [eax], al
                                    add byte ptr [ecx], cl
                                    add byte ptr [ecx+73h], al
                                    push 72616F62h
                                    add byte ptr fs:[ecx+eax], dl
                                    or byte ptr [eax], al
                                    dec ebp
                                    inc esp
                                    dec ecx
                                    inc esi
                                    outsd

                                    Data Directories

                                    NameVirtual AddressVirtual Size Is in Section
                                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                    IMAGE_DIRECTORY_ENTRY_IMPORT0x803540x28.text
                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0x870000x133f8.rsrc
                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                    IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                    IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x2280x20
                                    IMAGE_DIRECTORY_ENTRY_IAT0x10000x364.text
                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                    Sections

                                    NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                    .text0x10000x801c80x81000False0.334565391836data6.2183301582IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                    .data0x820000x4a480x1000False0.00634765625data0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                    .rsrc0x870000x133f80x14000False0.338671875data5.02760964735IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                    Resources

                                    NameRVASizeTypeLanguageCountry
                                    CUSTOM0x872580xd200PE32+ executable (DLL) (GUI) x86-64, for MS WindowsEnglishUnited States
                                    RT_BITMAP0x944580x25a8dataEnglishUnited States
                                    RT_BITMAP0x96a000x25a8dataEnglishUnited States
                                    RT_ICON0x98fa80x10a8dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 4289967027, next used block 2880417711
                                    RT_STRING0x9a0500x64dataDanishDenmark
                                    RT_STRING0x9a0b40x90dataEnglishUnited States
                                    RT_STRING0x9a1440x48dataAfrikaansSouth Africa
                                    RT_STRING0x9a1440x48dataAfrikaansNamibia
                                    RT_STRING0x9a18c0x88dataArabicJordan
                                    RT_GROUP_ICON0x9a2140x14data
                                    RT_VERSION0x9a2280x1d0dataEnglishUnited States

                                    Imports

                                    DLLImport
                                    MSVBVM60.DLL__vbaVarTstGt, __vbaVarSub, __vbaStrI2, __vbaNextEachAry, _CIcos, _adj_fptan, __vbaVarMove, __vbaStrI4, __vbaVarVargNofree, __vbaAryMove, __vbaFreeVar, __vbaLineInputStr, __vbaLateIdCall, __vbaStrVarMove, __vbaLenBstr, __vbaFreeVarList, __vbaEnd, _adj_fdiv_m64, __vbaFpCDblR8, __vbaVarIndexStore, __vbaNextEachVar, __vbaLineInputVar, __vbaFreeObjList, __vbaStrErrVarCopy, __vbaVarIndexLoadRef, _adj_fprem1, __vbaRecAnsiToUni, __vbaI2Abs, __vbaStrCat, __vbaWriteFile, __vbaRecDestruct, __vbaSetSystemError, __vbaHresultCheckObj, __vbaLenVar, __vbaVargVarCopy, _adj_fdiv_m32, __vbaAryVar, __vbaVarTstLe, __vbaAryDestruct, __vbaVarIndexLoadRefLock, __vbaLateMemSt, __vbaVarForInit, __vbaForEachCollObj, __vbaExitProc, __vbaObjSet, __vbaOnError, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, __vbaVarIndexLoad, __vbaCyStr, __vbaFpR4, __vbaBoolVar, __vbaVargVar, __vbaVarTstLt, __vbaRefVarAry, __vbaFpR8, __vbaBoolVarNull, _CIsin, __vbaErase, __vbaVarZero, __vbaNextEachCollObj, __vbaVargVarMove, __vbaVarCmpGt, __vbaChkstk, __vbaFileClose, EVENT_SINK_AddRef, __vbaGenerateBoundsError, __vbaGet3, __vbaStrCmp, __vbaAryConstruct2, __vbaVarTstEq, __vbaObjVar, __vbaI2I4, DllFunctionCall, __vbaVarLateMemSt, __vbaCastObjVar, __vbaStrR4, __vbaLbound, __vbaRedimPreserve, _adj_fpatan, __vbaR4Var, __vbaLateIdCallLd, __vbaStrR8, __vbaRedim, __vbaRecUniToAnsi, EVENT_SINK_Release, __vbaUI1I2, _CIsqrt, __vbaObjIs, __vbaRedimVar, __vbaVarAnd, EVENT_SINK_QueryInterface, __vbaVarMul, __vbaExceptHandler, __vbaPrintFile, __vbaStrToUnicode, __vbaExitEachAry, _adj_fprem, _adj_fdivr_m64, __vbaI2Str, __vbaVarDiv, __vbaFPException, __vbaInStrVar, __vbaUbound, __vbaStrVarVal, __vbaVarCat, __vbaCheckType, __vbaI2Var, _CIlog, __vbaErrorOverflow, __vbaFileOpen, __vbaR8Str, __vbaVar2Vec, __vbaInStr, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaI4Str, __vbaVarCmpLt, __vbaFreeStrList, __vbaVarNot, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaVarSetVar, __vbaI4Var, __vbaForEachAry, __vbaVarCmpEq, __vbaVarAdd, __vbaAryLock, __vbaLateMemCall, __vbaStrToAnsi, __vbaVarDup, __vbaFpI2, __vbaVarLateMemCallLd, __vbaVarCopy, __vbaFpI4, __vbaRecDestructAnsi, __vbaVarSetObjAddref, __vbaR8IntI2, __vbaLateMemCallLd, _CIatan, __vbaAryCopy, __vbaI2ErrVar, __vbaStrMove, __vbaCastObj, __vbaI4Cy, __vbaForEachVar, __vbaStrVarCopy, __vbaR8IntI4, _allmul, __vbaLateIdSt, __vbaLateMemCallSt, _CItan, __vbaFPInt, __vbaAryUnlock, __vbaVarForNext, _CIexp, __vbaStrCy, __vbaMidStmtBstr, __vbaI4ErrVar, __vbaFreeStr, __vbaFreeObj

                                    Version Infos

                                    DescriptionData
                                    Translation0x0409 0x04b0
                                    ProductVersion1.00
                                    InternalNamea
                                    FileVersion1.00
                                    OriginalFilenamea.exe
                                    ProductNameExtendedRTFDemo

                                    Possible Origin

                                    Language of compilation systemCountry where language is spokenMap
                                    EnglishUnited States
                                    DanishDenmark
                                    AfrikaansSouth Africa
                                    AfrikaansNamibia
                                    ArabicJordan

                                    Network Behavior

                                    Network Port Distribution

                                    TCP Packets

                                    TimestampSource PortDest PortSource IPDest IP
                                    Sep 28, 2021 07:23:14.652782917 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:14.737989902 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:14.738344908 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:14.812731981 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:14.900079012 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:14.900105000 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:14.900263071 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:14.905447960 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:15.073632956 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:15.117784977 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:16.496849060 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:16.805447102 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:17.013879061 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:17.014098883 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:17.251221895 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:17.254928112 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:17.255049944 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:17.256294012 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:17.305497885 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:17.345065117 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:17.523680925 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:17.536153078 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:17.536339045 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:17.538022041 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:17.563302994 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:17.563565969 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:17.570718050 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:17.618047953 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:17.821669102 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:17.823777914 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:17.824034929 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:17.825999975 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:17.828000069 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:17.828154087 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:17.865106106 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:17.867858887 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:17.868210077 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:17.869014978 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:17.871265888 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:17.871328115 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:17.892878056 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:17.901174068 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:17.901308060 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:18.062689066 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:18.064376116 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:18.064568996 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:18.068892956 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:18.073199034 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:18.073420048 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:18.085699081 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:18.087619066 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:18.087790966 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:18.097271919 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:18.110946894 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:18.111253977 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:18.165436983 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:18.167412043 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:18.167903900 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:18.172036886 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:18.173840046 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:18.174132109 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:18.176415920 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:18.179919958 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:18.180059910 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:18.180576086 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:18.182919979 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:18.183020115 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:18.191443920 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:18.203718901 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:18.203808069 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:18.206099033 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:18.208183050 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:18.208349943 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:18.275572062 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:18.280776024 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:18.280987978 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:18.282998085 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:18.285180092 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:18.285339117 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:18.287138939 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:18.290024042 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:18.290108919 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:18.291712046 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:18.298768044 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:18.298907042 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:18.301708937 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:18.307028055 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:18.307240963 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:18.308864117 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:18.311151981 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:18.311311007 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:18.357351065 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:18.369348049 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:18.369508982 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:18.371736050 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:18.375111103 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:18.375310898 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:18.763593912 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:18.766567945 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:18.766637087 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:18.775648117 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:18.778624058 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:18.778790951 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:18.785340071 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:18.786214113 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:18.786281109 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:18.793952942 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:18.794466972 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:18.794533968 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:18.810112000 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:18.814033031 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:18.814515114 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:18.822007895 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:18.822913885 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:18.823091030 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:18.879980087 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:18.880603075 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:18.880738020 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:18.890779972 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:18.891618013 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:18.892365932 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:18.928694010 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:18.954525948 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:18.954775095 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:18.955333948 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:18.973241091 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:18.973496914 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:18.973984957 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:18.993422031 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:18.993455887 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:18.993567944 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:19.066675901 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:19.068574905 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:19.068691969 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:19.072860003 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:19.077610016 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:19.077749968 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:19.083368063 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:19.085544109 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:19.085652113 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:19.107192039 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:19.109797001 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:19.109868050 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:19.142096996 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:19.144328117 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:19.144427061 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:19.168823957 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:19.170814991 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:19.170892954 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:19.292840004 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:19.295319080 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:19.295394897 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:19.297409058 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:19.300103903 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:19.300215960 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:19.348436117 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:19.351047039 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:19.351146936 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:19.361450911 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:19.368745089 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:19.368966103 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:19.371041059 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:19.373059034 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:19.373606920 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:19.384567022 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:19.386682034 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:19.386785984 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:19.395592928 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:19.399826050 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:19.399941921 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:19.402353048 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:19.404648066 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:19.404726028 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:19.416331053 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:19.417279959 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:19.417380095 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:19.426918030 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:19.428111076 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:19.428239107 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:19.474922895 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:19.481924057 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:19.482004881 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:19.492692947 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:19.494463921 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:19.494568110 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:19.506637096 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:19.507519960 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:19.507615089 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:19.548681974 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:19.550811052 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:19.550970078 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:19.574095964 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:19.576100111 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:19.576284885 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:19.586136103 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:19.608666897 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:19.608772993 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:19.637342930 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:19.639597893 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:19.640228033 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:19.648340940 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:19.650616884 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:19.650719881 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:19.655332088 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:19.657088041 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:19.657174110 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:19.674103022 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:19.728686094 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:19.871887922 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:19.876640081 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:19.876748085 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:19.878848076 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:19.910923958 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:19.911159039 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:19.917687893 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:19.919599056 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:19.920209885 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:19.926676035 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:19.931874037 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:19.931978941 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:19.936783075 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:19.938616991 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:19.939158916 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:19.949850082 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:19.954052925 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:19.954205990 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:19.972649097 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:19.976900101 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:19.977060080 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:19.978780031 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:20.004189968 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:20.004368067 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:20.018352032 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:20.020620108 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:20.022228956 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:20.033165932 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:20.035092115 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:20.035258055 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:20.058671951 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:20.060754061 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:20.060899019 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:20.089582920 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:20.091766119 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:20.091842890 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:20.102556944 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:20.149611950 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:20.170555115 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:20.172751904 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:20.172931910 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:20.175514936 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:20.177793026 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:20.177966118 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:20.190068960 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:20.192279100 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:20.192445993 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:20.194503069 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:20.205822945 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:20.206022024 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:20.212636948 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:20.215059042 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:20.215188980 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:20.231091022 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:20.233033895 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:20.233158112 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:20.255351067 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:20.305767059 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:20.645903111 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:20.646807909 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:20.646933079 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:20.688620090 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:20.697932959 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:20.698040962 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:20.698520899 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:20.704912901 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:20.705020905 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:20.711587906 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:20.712800980 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:20.712930918 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:20.722095013 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:20.723026991 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:20.723216057 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:20.740653038 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:20.741031885 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:20.741144896 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:20.764864922 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:20.775055885 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:20.775162935 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:20.818662882 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:20.820590973 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:20.822660923 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:20.823127031 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:20.827244997 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:20.827626944 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:20.829540014 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:20.834099054 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:20.834165096 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:20.836347103 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:20.838587046 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:20.838677883 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:20.844439030 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:20.852590084 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:20.852672100 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:20.853780985 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:20.899518013 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:20.956890106 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:20.973121881 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:20.973294020 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:21.003983974 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:21.004529953 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:21.004611015 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:21.004981995 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:21.005502939 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:21.005558968 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:21.006278038 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:21.006742001 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:21.007038116 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:21.007249117 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:21.008027077 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:21.008080006 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:21.033165932 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:21.035355091 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:21.035434961 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:21.037355900 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:21.087018013 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:21.628338099 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:21.636601925 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:21.636996031 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:21.681412935 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:21.694346905 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:21.695229053 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:21.695329905 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:21.702111006 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:21.702239990 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:21.703069925 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:21.711606979 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:21.711716890 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:21.712790966 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:21.723850965 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:21.724756956 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:21.724899054 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:21.737826109 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:21.737962961 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:21.753401041 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:21.755449057 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:21.756357908 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:21.767317057 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:21.769328117 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:21.769589901 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:21.771538019 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:21.773535013 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:21.773634911 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:21.797893047 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:21.799818993 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:21.799978971 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:21.802299023 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:21.804804087 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:21.804945946 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:21.826117039 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:21.833431005 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:21.836345911 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:21.836554050 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:21.957634926 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:21.962253094 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:21.964186907 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:21.964371920 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:21.975028038 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:21.977070093 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:21.977185965 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:21.979866028 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:21.981197119 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:21.986428022 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:22.009946108 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:22.010539055 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:22.010684013 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:22.011204004 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:22.011521101 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:22.011600971 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:22.136112928 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:22.145344019 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:22.145996094 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:22.146126986 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:23.390611887 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:23.399132967 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:23.400234938 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:23.413160086 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:23.438404083 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:23.438508987 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:23.439318895 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:23.447598934 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:23.448538065 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:23.448590040 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:23.455547094 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:23.455640078 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:23.456801891 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:23.465872049 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:23.466759920 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:23.466912985 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:23.474878073 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:23.475024939 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:23.475956917 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:23.483606100 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:23.483755112 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:23.484590054 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:23.491904020 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:23.492079020 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:23.492769003 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:23.499092102 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:23.499212027 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:23.538937092 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:23.539792061 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:23.541488886 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:23.557411909 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:23.569482088 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:23.569582939 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:23.570292950 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:23.581614971 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:23.581763983 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:23.582525969 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:23.596652031 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:23.596760988 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:23.613159895 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:23.627618074 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:23.627830982 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:23.631674051 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:23.680984974 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:23.683875084 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:23.684813023 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:23.685129881 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:23.711868048 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:23.719907999 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:23.719997883 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:23.721122026 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:23.762157917 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:23.762280941 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:23.763298035 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:23.773329973 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:23.775103092 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:23.783655882 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:23.784790993 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:23.784940958 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:23.895848989 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:23.900291920 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:23.900975943 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:23.903008938 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:23.905050993 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:23.905179024 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:23.907308102 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:23.909285069 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:23.910075903 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:23.916600943 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:23.918644905 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:23.919169903 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:23.923167944 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:23.925055027 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:23.925446987 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:23.931615114 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:23.933594942 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:23.933732033 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:23.936654091 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:23.938620090 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:23.938725948 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:23.943414927 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:23.959892035 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:23.960367918 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:23.965032101 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:23.967103958 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:23.967469931 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:23.969487906 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.011540890 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.015306950 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.056433916 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.058320999 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.060551882 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.060782909 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.062938929 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.063225985 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.068416119 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.070986032 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.072015047 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.075159073 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.094696045 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.099220037 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.100502968 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.106472015 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.108726025 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.108975887 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.120371103 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.120620966 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.146279097 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.148183107 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.148473024 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.153423071 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.155491114 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.157221079 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.157614946 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.168601990 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.170175076 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.215840101 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.226816893 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.228009939 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.236274004 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.238508940 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.240767956 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.240865946 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.245748997 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.247148991 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.256834030 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.261059046 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.261480093 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.268781900 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.270762920 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.270859003 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.277798891 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.279804945 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.279943943 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.286684990 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.288618088 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.288717985 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.301204920 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.303328037 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.303476095 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.305562973 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.309773922 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.312910080 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.313021898 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.314851046 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.317318916 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.319665909 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.321778059 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.321863890 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.323877096 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.324584007 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.324733973 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.324807882 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.329145908 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.329636097 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.329766035 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.330301046 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.334064007 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.334325075 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.334764004 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.334825039 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.335575104 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.336093903 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.336177111 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.340598106 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.341063023 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.341141939 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.341773987 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.342339039 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.342406034 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.346854925 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.347543001 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.347656012 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.354935884 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.355365992 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.355534077 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.358412027 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.358808994 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.358952045 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.359595060 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.361339092 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.361661911 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.362049103 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.362575054 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.363039970 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.363130093 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.363883018 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.365216970 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.414985895 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.415332079 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.415442944 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.416591883 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.416627884 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.416716099 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.418791056 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.419563055 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.419642925 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.421297073 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.421778917 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.421875000 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.422578096 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.423048973 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.423161983 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.423579931 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.424261093 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.424825907 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.424958944 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.425297022 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.425789118 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.425869942 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.427536964 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.427634954 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.428483009 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.478024006 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.652184963 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.742819071 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.742887974 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.743042946 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.743309021 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.744108915 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.744168997 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.744725943 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.745031118 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.745107889 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.745955944 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.746439934 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.746527910 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.746927023 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.759818077 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.759948015 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.760859966 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.761320114 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.761476994 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.766459942 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.766818047 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.766962051 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.767585039 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.768098116 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.768188953 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.768616915 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.769320965 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.769401073 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.769805908 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.770303965 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.770374060 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.771069050 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.771524906 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.771631956 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.772047997 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.772799969 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.772877932 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.773344040 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.774056911 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.774120092 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.774516106 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.775032043 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.775125980 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.775835991 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.776258945 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.776348114 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.776782036 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.777542114 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.777647972 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.778014898 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.778501987 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.778584957 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.779293060 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.779777050 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.779881001 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.780479908 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.781009912 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.781095028 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.882848978 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.883296967 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.883430958 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.883754015 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.884301901 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.884394884 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.885297060 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.885833979 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.885947943 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.886590004 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.887027025 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.887120008 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.897418976 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.898057938 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.898222923 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.898561001 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.899296999 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.899422884 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.902865887 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.903290033 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.903397083 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.904021025 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.904597998 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.904697895 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.905042887 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.924952984 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.925132036 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.925551891 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.926081896 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.926227093 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.926878929 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.927442074 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.927566051 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.927586079 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.932163000 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.932310104 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.932852983 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.933311939 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.933433056 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.933801889 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.934535027 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.934613943 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.934998989 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.935549021 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.935626030 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.936300039 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.936781883 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.936871052 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.937243938 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.939634085 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.939738989 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.940346003 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.941354990 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.941463947 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.954771996 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.955174923 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:24.955297947 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:24.955852985 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.009394884 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.198934078 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.199028015 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.199105024 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.204603910 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.205007076 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.205123901 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.206367970 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.206547022 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.206607103 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.207020998 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.207554102 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.207617998 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.208012104 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.210024118 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.210114002 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.212095022 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.212126970 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.212152004 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.212177038 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.212198973 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.212238073 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.213099003 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.213187933 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.216722965 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.218275070 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.218353987 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.218971968 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.219499111 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.219562054 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.223484993 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.223510981 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.224181890 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.226811886 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.237531900 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.237649918 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.238127947 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.238931894 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.239016056 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.239197016 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.241868019 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.242050886 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.242106915 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.248064995 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.248228073 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.248255968 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.250842094 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.250993967 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.251138926 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.251820087 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.251983881 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.252083063 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.254376888 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.254554987 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.254844904 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.306181908 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.334784985 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.384319067 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.598412991 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.599071980 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.599143028 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.601712942 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.601744890 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.601838112 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.601991892 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.602524996 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.602622032 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.603321075 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.603740931 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.603805065 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.604285002 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.605005026 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.605072975 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.613312006 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.613749981 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.613810062 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.614535093 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.615016937 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.615072012 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.645198107 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.646106958 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.646279097 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.646568060 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.647360086 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.647519112 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.647835016 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.648622036 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.648721933 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.649079084 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.649559021 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.649669886 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.674977064 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.675611019 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.675724983 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.676064014 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.679090977 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.679208994 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.679766893 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.680314064 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.680392027 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.680813074 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.687921047 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.688064098 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.688278913 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.688735962 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.688801050 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.689589024 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.690013885 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.690097094 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.690572977 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.691167116 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.691255093 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.691833973 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.695637941 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.695760965 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.704427958 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.705230951 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.705326080 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.705784082 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.706322908 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.706387043 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.707102060 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.707592964 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.707662106 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.708081007 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.709031105 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.709104061 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.709846973 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.710352898 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.710433960 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.711055040 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.711575985 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.711661100 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.714924097 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.715332985 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.715411901 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.731235027 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.731278896 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.731417894 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.742394924 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.742489100 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.742526054 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.742561102 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.742595911 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.744658947 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.752243996 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.766021013 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.766365051 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.772895098 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.772974014 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.773015976 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.773056984 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.773093939 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.773132086 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.778234005 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.778263092 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.778266907 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.779406071 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.779470921 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.779503107 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.779535055 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.779562950 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.785516977 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.785581112 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.785587072 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.787029028 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.802648067 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.806904078 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.807254076 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.807737112 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.808518887 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.809014082 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.809498072 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.810278893 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.810724974 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.811517954 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.812763929 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.812793970 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.814553976 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.814580917 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.814605951 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.818936110 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.835521936 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.835788965 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.835858107 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.838907003 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.839534998 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.839644909 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.840053082 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.840487957 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.840548038 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.843683958 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.844037056 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.844115019 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.863986015 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.871052027 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.871134996 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.871582031 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.872078896 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.872152090 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.874378920 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.874800920 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.874864101 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.875543118 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.876585007 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.876647949 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.876666069 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.877329111 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.877392054 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.877804041 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.878324032 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.878395081 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.878792048 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.879426003 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.879492044 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.879791021 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.901918888 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.902075052 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.902292013 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.903062105 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.903139114 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.903518915 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.904004097 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.904066086 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.904732943 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.905267000 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.905334949 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.905752897 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.906546116 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.906619072 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.906974077 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.907511950 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.907584906 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.908251047 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.908747911 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.908808947 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.909511089 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.910108089 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.910172939 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.919651985 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.920300007 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.920376062 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.923568010 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.924304962 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.924376011 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.924897909 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.925371885 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.925425053 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.926831961 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.927340984 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.927428961 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.955696106 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.958406925 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.958508968 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.958794117 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.959563971 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.959634066 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.964396000 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.970674992 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.970808029 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.971283913 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.971803904 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.971877098 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.977400064 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.977833986 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.977900028 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.978528023 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.979034901 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.979136944 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:25.979553938 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.980093002 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:25.980261087 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.001928091 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.002549887 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.002609968 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.003303051 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.003818989 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.003891945 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.004539013 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.005053043 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.005109072 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.005584955 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.006366014 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.006422043 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.006895065 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.007828951 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.007896900 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.009607077 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.010057926 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.010147095 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.011840105 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.012278080 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.012339115 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.012824059 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.013773918 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.013828993 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.016870975 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.017267942 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.017317057 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.022160053 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.025122881 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.025234938 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.025557995 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.026298046 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.026370049 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.026803017 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.027542114 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.027622938 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.042915106 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.043524981 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.045028925 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.045109034 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.047241926 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.047269106 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.069552898 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.069590092 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.069612026 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.069633961 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.069654942 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.069679976 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.069704056 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.069725990 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.069746017 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.070046902 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.076335907 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.091917038 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.092295885 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.092384100 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.093081951 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.098567009 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.098648071 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.100061893 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.100796938 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.100872040 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.101262093 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.101788998 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.101855993 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.106333971 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.114099979 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.114216089 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.114815950 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.115434885 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.115786076 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.116238117 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.116537094 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.116655111 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.117024899 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.117769003 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.117854118 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.118316889 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.119041920 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.119131088 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.120816946 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.121295929 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.121367931 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.126808882 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.127438068 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.127517939 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.127773046 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.129095078 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.129179001 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.136636019 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.137264967 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.137362003 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.138164043 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.138262987 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.138320923 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.162507057 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.162791014 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.162849903 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.163283110 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.164043903 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.164109945 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.164541006 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.165342093 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.165417910 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.165786982 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.166389942 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.166452885 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.166766882 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.167356014 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.167421103 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.175950050 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.176280975 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.176338911 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.190402985 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.190762997 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.190840960 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.191526890 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.192003012 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.192059040 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.192523956 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.193269968 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.193325996 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.199618101 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.200270891 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.200340986 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.202073097 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.204319954 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.204396009 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.204725027 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.205255032 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.205317974 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.206091881 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.206486940 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.206547022 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.206990957 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.207776070 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.207850933 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.208750010 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.210819006 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.210901976 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.213881969 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.214325905 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.214385986 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.218677044 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.219175100 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.219244003 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.222069025 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.222577095 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.222640038 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.223244905 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.223731041 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.223790884 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.248043060 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.248265028 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.248332024 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.249532938 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.250024080 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.250071049 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.253035069 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.253592014 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.253643990 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.254349947 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.254791975 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.254853010 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.254965067 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.255772114 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.255836964 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.260143042 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.260516882 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.260575056 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.274142027 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.274854898 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.274944067 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.275515079 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.276209116 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.276259899 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.277784109 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.278328896 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.278393984 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.283138990 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.283827066 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.283894062 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.292610884 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.293251991 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.293313026 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.293767929 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.294236898 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.294281006 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.295001984 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.295526981 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.295583010 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.302392006 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.302809954 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.302862883 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.303587914 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.304058075 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.304126024 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.304543972 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.305247068 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.305291891 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.305751085 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.306242943 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.306301117 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.312597990 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.313009024 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.313065052 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.314775944 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.315495968 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.315562010 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.336905956 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.337651014 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.337740898 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.341847897 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.342269897 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.342327118 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.342747927 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.345335007 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.345422029 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.345797062 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.346513033 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.346580982 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.347225904 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.348172903 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.348234892 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.352128983 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.354562044 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.354659081 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.358334064 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.359029055 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.359083891 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.359540939 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.360263109 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.360315084 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.362103939 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.363078117 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.363133907 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.367094040 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.367575884 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.367638111 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.377862930 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.378546000 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.378607035 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.379056931 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.379549026 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.379607916 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.380260944 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.380788088 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.380846024 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.386009932 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.386333942 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.386385918 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.387569904 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.387979984 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.388025999 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.390780926 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.394819975 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.394881010 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.395562887 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.395982027 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.396039009 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.399903059 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.403342009 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.403398991 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.403743029 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.404598951 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.404670000 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.421125889 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.421546936 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.421636105 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.425085068 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.425478935 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.425553083 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.431339979 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.431773901 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.431870937 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.432270050 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.433001041 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.433072090 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.433218002 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.435831070 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.435929060 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.437819958 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.438543081 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.438632965 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.443465948 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.443775892 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.443856001 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.444554090 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.445013046 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.445096016 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.446842909 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.448055029 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.448199987 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.452084064 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.452505112 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.452585936 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.462357998 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.463026047 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.463135004 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.465912104 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.466289043 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.466393948 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.467048883 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.467530966 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.467612982 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.471637011 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.471959114 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.472039938 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.472568989 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.473046064 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.473121881 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.478089094 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.478579998 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.478653908 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.479350090 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.480006933 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.480163097 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.488110065 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.488583088 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.488660097 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.489355087 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.489758968 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.489814997 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.508910894 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.509526968 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.509593964 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.510283947 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.510788918 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.510848999 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.515350103 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.515743971 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.515825033 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.517277002 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.518039942 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.518119097 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.518205881 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.521284103 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.521362066 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.522006035 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.522792101 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.522850037 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.528121948 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.529556990 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.529623032 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.530031919 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.530802965 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.530874014 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.543205976 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.543469906 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.543530941 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.547652960 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.548438072 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.548523903 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.553071022 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.553512096 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.553586960 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.584619999 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.585267067 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.585340977 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.585782051 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.586518049 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.586584091 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.587018967 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.587507010 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.587579966 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.620398998 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.621078014 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.621151924 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.621531963 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.623584986 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.623686075 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.625303984 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.625797987 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.625920057 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.682388067 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.682787895 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.682873011 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.684869051 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.685626984 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.685724020 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.686168909 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.686767101 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.687252045 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.687339067 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.687771082 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.688613892 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.688673019 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.689047098 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.689577103 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.689620972 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.690321922 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.690550089 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.690602064 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.691265106 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.691373110 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.691782951 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.693599939 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.693655968 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.694294930 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.694761038 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.694807053 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.695264101 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.696032047 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.696607113 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.696657896 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.697041035 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.697083950 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.698781013 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.699311018 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.699387074 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.699996948 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.700531960 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.701785088 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.701874971 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.702236891 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.703017950 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.703090906 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.703532934 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.703999996 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.704112053 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.704726934 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.705878973 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.714839935 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.715260029 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.715342999 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.716068029 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.716506958 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.716573954 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.717243910 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.717780113 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.718118906 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.767884970 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.768269062 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.772397995 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.772995949 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.773794889 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.774221897 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.774765968 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.775552988 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.775985003 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.777415991 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.777827024 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.779773951 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.780245066 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.780730009 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.781225920 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.785358906 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.785384893 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.785408020 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.785433054 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.785456896 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.786102057 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.786555052 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.787018061 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.796467066 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.798412085 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.798445940 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.798470974 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.798491001 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.798512936 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.798974037 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.799247980 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.805371046 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.805430889 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.805454016 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.809582949 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.809608936 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.809633970 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.813077927 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.814778090 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.814807892 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.824312925 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.856472015 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.856762886 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.864124060 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.882323980 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.892461061 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.892496109 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.892519951 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.892544031 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.892566919 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.892592907 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.892616987 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.892641068 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.892664909 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.892683983 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.892708063 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.892730951 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.892754078 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.892780066 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.892803907 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.892827034 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.892851114 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.894138098 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.899416924 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.899462938 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.900263071 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.915404081 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.915430069 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.915442944 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.915455103 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.915476084 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.916323900 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.916347980 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.922493935 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.922521114 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.922535896 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.922549963 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.922564030 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.922579050 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.922594070 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.922607899 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.922626019 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.922641993 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.922646999 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.922655106 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.922672033 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.922693014 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.922724962 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.922902107 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.949717045 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.950145960 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.958093882 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.988873959 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.989094973 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.989501953 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.989636898 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.990389109 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.990474939 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.990849972 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.991658926 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.992105961 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.992172956 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.992618084 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.992688894 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.997674942 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.998059988 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:26.998142004 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:26.998271942 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.019684076 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.019748926 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.020010948 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.021024942 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.021101952 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.021544933 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.021775961 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.022351980 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.022525072 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.023077011 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.023139954 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.023524046 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.024321079 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.024532080 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.025031090 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.037127018 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.037193060 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.038027048 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.038480997 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.038535118 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.039251089 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.039768934 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.039819002 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.043390989 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.048290014 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.048382044 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.048552036 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.049330950 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.049458027 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.049834013 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.050332069 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.050398111 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.051069975 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.051599979 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.051728010 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.052067041 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.052917004 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.054543018 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.058928967 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.059575081 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.060992002 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.061634064 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.074750900 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.074836969 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.075088024 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.075860023 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.075926065 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.076268911 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.077188015 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.077241898 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.077617884 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.078032970 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.078871012 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.078947067 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.082129002 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.082406044 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.082545996 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.103460073 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.103585958 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.107270956 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.107327938 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.107480049 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.108556986 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.109051943 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.109119892 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.112310886 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.113056898 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.113111973 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.113528013 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.114022017 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.114094019 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.123661041 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.124339104 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.124408007 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.125778913 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.126543045 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.126806974 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.127177000 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.127804041 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.127863884 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.130542994 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.131026983 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.131082058 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.137392998 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.138034105 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.138097048 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.139837027 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.140314102 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.142297983 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.142528057 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.143049002 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.143098116 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.143501043 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.144279003 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.145361900 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.152384043 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.152781963 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.152863026 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.162360907 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.167346001 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.167432070 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.167808056 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.168531895 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.168593884 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.169080973 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.169502974 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.170286894 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.170362949 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.170762062 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.171536922 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.171608925 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.172041893 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.172111988 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.197882891 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.198601007 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.198977947 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.199048996 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.199785948 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.199851036 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.200603008 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.200936079 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.201003075 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.201297998 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.202083111 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.202133894 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.202579021 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.203313112 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.206242085 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.214204073 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.214623928 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.214699984 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.222868919 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.223273993 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.223387003 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.223793030 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.224564075 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.224625111 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.225009918 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.225563049 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.225622892 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.230079889 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.230576038 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.230683088 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.231041908 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.231828928 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.231889963 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.233355999 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.234091997 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.234349966 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.237505913 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.237798929 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.237873077 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.239569902 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.240315914 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.240374088 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.252584934 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.254081011 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.254137993 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.254154921 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.254378080 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.254442930 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.254904032 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.255357981 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.256128073 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.256206036 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.258339882 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.258390903 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.259072065 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.259550095 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.259622097 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.259773970 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.293140888 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.293241024 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.294095039 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.294858932 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.295275927 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.295335054 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.296094894 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.297291040 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.297353983 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.304085970 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.307388067 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.309957027 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.310305119 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.310405016 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.311105967 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.311589003 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.313313961 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.313376904 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.313815117 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.315382004 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.315591097 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.316353083 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.316416025 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.318115950 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.318562031 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.320357084 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.320432901 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.320811987 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.322623014 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.322700024 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.324831009 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.324898958 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.330122948 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.330821991 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.331305981 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.331392050 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.332098007 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.332562923 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.332652092 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.333293915 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.333360910 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.338819027 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.339303970 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.339396000 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.340135098 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.340580940 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.340648890 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.342617035 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.343097925 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.343154907 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.344589949 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.345314980 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.345864058 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.345928907 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.346354961 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.346760035 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.346892118 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.378530979 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.379189968 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.379395962 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.379559040 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.379636049 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.380281925 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.381906986 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.382134914 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.382585049 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.393173933 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.394818068 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.394973993 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.395289898 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.395423889 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.398085117 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.398822069 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.398896933 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.399293900 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.399755001 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.403044939 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.403436899 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.403806925 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.404314041 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.404398918 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.407346010 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.407763958 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.407850027 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.409773111 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.409851074 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.423885107 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.441565990 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.441648006 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.443280935 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.444545031 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.445003986 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.445075035 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.445491076 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.446296930 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.446374893 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.446769953 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.447091103 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.447303057 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.447985888 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.448525906 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.448590994 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.449284077 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.449754000 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.449815035 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.450299025 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.451013088 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.451073885 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.451534033 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.452009916 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.452071905 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.452816963 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.453326941 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.453398943 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.463356018 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.463805914 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.463897943 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.469332933 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.469377041 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.469398022 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.469511032 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.484392881 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.485091925 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.485196114 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.485512018 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.486303091 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.486394882 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.489864111 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.490281105 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.490369081 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.494868040 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.495280981 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.495398045 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.496052027 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.496556044 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.496614933 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.497034073 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.500052929 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.500562906 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.500628948 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.501040936 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.503400087 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.525194883 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.525949001 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.526045084 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.530653000 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.531084061 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.531183958 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.531862020 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.532310963 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.532403946 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.533041954 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.533596992 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.533670902 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.534029961 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.534917116 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.534981966 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.535304070 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.537168026 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.537539959 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.537611008 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.538280964 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.538789988 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.538857937 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.539303064 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.539396048 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.540112972 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.540513992 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.540590048 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.541091919 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.547168970 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.547466040 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.547595024 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.558221102 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.558509111 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.558602095 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.559259892 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.559402943 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.571011066 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.571311951 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.571428061 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.571822882 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.572557926 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.572653055 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.576883078 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.578094006 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.578180075 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.584382057 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.584419012 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.584530115 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.585855007 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.586556911 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.586627007 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.587595940 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.589059114 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.589147091 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.589521885 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.590292931 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.590356112 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.610702991 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.634692907 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.634856939 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.635047913 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.635824919 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.636286974 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.636347055 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.637157917 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.638794899 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.638875961 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.639337063 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.639769077 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.642862082 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.643277884 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.643414021 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.644068956 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.644546032 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.645065069 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.645112038 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.645798922 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.646305084 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.646353960 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.647073984 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.647134066 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.647836924 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.648288965 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.648468971 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.648756981 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.651665926 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.651988029 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.654375076 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.675384998 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.675460100 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.676104069 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.676562071 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.676631927 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.679363966 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.680103064 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.680170059 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.697448969 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.698038101 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.698126078 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.699573040 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.700305939 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.700371981 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.702100039 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.702526093 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.702593088 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.703023911 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.703775883 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.703841925 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.704292059 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.704838037 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.704900980 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.705693007 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.706186056 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.706249952 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.719027996 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.719295979 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.719386101 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.720053911 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.720506907 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.720567942 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.721025944 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.721541882 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.721613884 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.725699902 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.726380110 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.726474047 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.726777077 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.740241051 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.740400076 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.740621090 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.742865086 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.742960930 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.743642092 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.744153023 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.744223118 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.744580984 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.745306015 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.745363951 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.746809006 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.747587919 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.747656107 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.748048067 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.752496958 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.752597094 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.772732019 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.773318052 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.773389101 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.778673887 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.779558897 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.779628038 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.780071020 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.780843973 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.780883074 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.822381020 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.822778940 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.822839975 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.823545933 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.824018002 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.824080944 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.824541092 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.825385094 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.825469017 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.826853991 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.827518940 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.827585936 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.831069946 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.831527948 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.831573963 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.832032919 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.832760096 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.832808971 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.833273888 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.833781958 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.833841085 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.836916924 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.837541103 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.837630033 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.838098049 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.838510036 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.838589907 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.839670897 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.840009928 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.840074062 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.840501070 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.841430902 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.841495991 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.847479105 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.848083973 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.848157883 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.848861933 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.849570990 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.849664927 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.849750996 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.850302935 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.850358963 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.853532076 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.858326912 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.858452082 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.859028101 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.859332085 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.859390020 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.873343945 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.873763084 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.873826981 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.874566078 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.878534079 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.878612995 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.879040003 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.880331993 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.880393982 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.911020994 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.911571980 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.911684036 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.926136971 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.926564932 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.926667929 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.927309036 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.927802086 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.927892923 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.930121899 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.930829048 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.930943012 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.931348085 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.932828903 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.932950974 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.936260939 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.943073034 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.943197966 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.970720053 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.975261927 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.975389004 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.985634089 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.986284018 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.986381054 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:27.986763000 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.987277031 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:27.987361908 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:28.036472082 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:28.037417889 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:28.037539005 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:28.078341961 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:28.084580898 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:28.084749937 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:28.118741035 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:28.127842903 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:28.128045082 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:28.128585100 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:28.136728048 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:28.136925936 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:28.137588978 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:28.147895098 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:28.148067951 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:28.192073107 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:28.199739933 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:28.199834108 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:28.200023890 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:28.207412958 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:28.207499981 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:28.357943058 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:28.358618975 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:28.358727932 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:28.366400003 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:28.368307114 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:28.368441105 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:28.370579004 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:28.375593901 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:28.375699997 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:28.453924894 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:28.455848932 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:28.456062078 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:28.483683109 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:28.488059044 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:28.488164902 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:28.492698908 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:28.494823933 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:28.494914055 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:28.504179001 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:28.509605885 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:28.509721041 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:28.512320042 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:28.514039040 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:28.514125109 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:28.530419111 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:28.533247948 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:28.533353090 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:28.674357891 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:28.676609039 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:28.676752090 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:28.710804939 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:28.712811947 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:28.712937117 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:28.715025902 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:28.717051983 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:28.717205048 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:28.745953083 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:28.751125097 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:28.751207113 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:28.803416014 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:28.805339098 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:28.805488110 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:28.823637009 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:28.825628042 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:28.825745106 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:28.855515957 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:28.857625961 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:28.857737064 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:28.893397093 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:28.895569086 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:28.895781994 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:29.016736984 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:29.017076969 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:29.017165899 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:29.017591953 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:29.018621922 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:29.018733978 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:29.254976988 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:29.257200956 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:29.259380102 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:29.259486914 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:29.264152050 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:29.267648935 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:29.277750015 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:29.279756069 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:29.280802011 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:29.430921078 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:29.447715998 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:29.455324888 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:29.469757080 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:29.469822884 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:29.469898939 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:29.486083031 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:29.492392063 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:29.496876001 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:29.502697945 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:29.518949986 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:29.532212973 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:29.541268110 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:29.549927950 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:29.551949024 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:29.561180115 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:29.575779915 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:29.628454924 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:29.708427906 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:29.718713999 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:29.739075899 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:29.768241882 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:29.769762039 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:29.769907951 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:29.769969940 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:29.788533926 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:29.788644075 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:29.789704084 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:29.789774895 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:29.803343058 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:29.804466009 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:29.805185080 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:29.805263996 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:29.861643076 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:29.861726046 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:29.863894939 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:29.863951921 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:29.910110950 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:29.910177946 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:29.912729025 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:29.912812948 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:29.931529045 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:30.033008099 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:30.033097982 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:30.035128117 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:30.035202026 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:30.128217936 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:30.128305912 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:30.132366896 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:30.132431030 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:30.275279999 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:30.318655968 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:30.318743944 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:30.320672035 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:30.320988894 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:30.322140932 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:30.324373960 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:30.324934959 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:30.752005100 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:30.752082109 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:30.754129887 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:30.754201889 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:30.756642103 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:30.756714106 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:30.763751030 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:30.763832092 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:30.773369074 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:30.773432970 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:30.775332928 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:30.775573015 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:30.884804010 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:31.003252029 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:31.003408909 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:31.006330013 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:31.006480932 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:32.103688002 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:32.190084934 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:32.190135956 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:32.190337896 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:32.190562963 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:32.191209078 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:32.191639900 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:32.191745996 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:32.192028999 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:32.192310095 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:32.192379951 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:32.193674088 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:32.193707943 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:32.195204020 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:32.195252895 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:32.200114012 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:32.200139046 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:32.200164080 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:32.200246096 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:32.200517893 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:32.200689077 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:32.205594063 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:32.206253052 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:32.208583117 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:32.208638906 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:32.208674908 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:32.215110064 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:32.215182066 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:32.215193987 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:32.215231895 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:32.215271950 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:32.215302944 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:32.215333939 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:32.215364933 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:32.215394974 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:32.215784073 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:32.216193914 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:32.225828886 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:32.225861073 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:32.225863934 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:32.225867033 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:32.225869894 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:32.225872993 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:32.225928068 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:32.225956917 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:32.225984097 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:32.226015091 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:32.226044893 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:32.249789953 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:32.249825001 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:32.308218002 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:32.347750902 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:32.349864960 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:32.349987030 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:32.420655966 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:32.422862053 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:32.429898024 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:32.431287050 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:32.436727047 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:32.436763048 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:32.436783075 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:32.436855078 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:32.767632961 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:32.770386934 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:32.770509958 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:32.772279024 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:32.775105000 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:32.775228977 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:32.777089119 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:32.779279947 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:32.779381990 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:32.781323910 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:32.786853075 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:32.786986113 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:32.794583082 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:32.824650049 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:32.824799061 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:32.826793909 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:32.828787088 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:32.828916073 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:32.843415022 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:32.848380089 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:32.848468065 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:32.872885942 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:32.874806881 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:32.874994040 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:32.876813889 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:32.885839939 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:32.886030912 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:32.887892962 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:32.931910038 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:33.074842930 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.075505972 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.075596094 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:33.076340914 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.076827049 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.076906919 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:33.077311039 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.078022957 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.078085899 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:33.078531027 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.078852892 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.078875065 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.078902006 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.078907013 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:33.078927040 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.078952074 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.078984976 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:33.079013109 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:33.079356909 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.079931974 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.080027103 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:33.080615997 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.081144094 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.081198931 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:33.081459045 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.082788944 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.082884073 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:33.083542109 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.092972994 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.093099117 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:33.163957119 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.164324999 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.164480925 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:33.169445038 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.169477940 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.169605017 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:33.170443058 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.170466900 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.170581102 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:33.172391891 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.178169966 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.178196907 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.178230047 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.178373098 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:33.178955078 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:33.180942059 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.184273005 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.184395075 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:33.185405970 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.186065912 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.186171055 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:33.186317921 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.196151018 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.196357965 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:33.197146893 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.200948954 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.201175928 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:33.201217890 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.243860006 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.243995905 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:33.244610071 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.291299105 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:33.320532084 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.320589066 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.320650101 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:33.323272943 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.323467016 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.323513985 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:33.324292898 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.324686050 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.324738979 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:33.325229883 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.342502117 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.342556953 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:33.343193054 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.343688965 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.343735933 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:33.344674110 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.354763031 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.354820013 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:33.354865074 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.400546074 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:33.458388090 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.461266041 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.461410046 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:33.473026991 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.473684072 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.473750114 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:33.487015009 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.487415075 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.487488985 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.487498999 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:33.528366089 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.528472900 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:33.529102087 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.572484970 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:33.585724115 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.634958029 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:33.681576967 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.682246923 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.682349920 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:33.688407898 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.689086914 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.689155102 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:33.692358017 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.693068027 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.693126917 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:33.701639891 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.702657938 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.702723026 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:33.703087091 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.703594923 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.703656912 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:33.706980944 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.707421064 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.707480907 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:33.708173037 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.760046959 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:33.886015892 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.886648893 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.886738062 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:33.901916027 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.911550999 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:33.911672115 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.080655098 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.081060886 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.081104040 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.132180929 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.181951046 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.193193913 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.196567059 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.196671009 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.196882010 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.197622061 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.197705984 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.198163986 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.199197054 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.199290991 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.199335098 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.199992895 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.200068951 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.200645924 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.202622890 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.202721119 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.203262091 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.203589916 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.203655005 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.204389095 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.206186056 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.206273079 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.206650019 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.207412004 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.207493067 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.217428923 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.217869043 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.217930079 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.221226931 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.221668005 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.221774101 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.223639011 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.224129915 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.224217892 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.283843040 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.300658941 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.300757885 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.301079035 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.302871943 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.302947998 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.303324938 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.304120064 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.304173946 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.304558992 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.305102110 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.305161953 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.305826902 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.306315899 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.306377888 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.307073116 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.307602882 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.307678938 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.309621096 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.310120106 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.310194969 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.310554981 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.311317921 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.311393976 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.312813044 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.313304901 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.313385963 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.337007999 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.337743044 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.337867022 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.339307070 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.339850903 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.339947939 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.343055010 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.343468904 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.343549013 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.398250103 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.398612022 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.398710966 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.399081945 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.399852991 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.399957895 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.420538902 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.422457933 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.422575951 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.425138950 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.425659895 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.425721884 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.426182985 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.428389072 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.428488016 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.429060936 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.430638075 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.430704117 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.435252905 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.436764002 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.438221931 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.439580917 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.439707994 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.439738035 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.439764023 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.439774036 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.439789057 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.439814091 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.448223114 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.448870897 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.451922894 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.453402996 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.455487013 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.455826044 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.467127085 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.493710041 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.493879080 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.494060993 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.495048046 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.495168924 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.495601892 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.511679888 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.511869907 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.512355089 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.512907028 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.512963057 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.513303041 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.514116049 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.514189959 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.514657021 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.515151024 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.515264034 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.521634102 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.522300005 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.522366047 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.535164118 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.535573959 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.535645008 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.544146061 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.544786930 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.544867039 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.547887087 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.548276901 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.548341990 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.561691999 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.561721087 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.561815023 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.562001944 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.562619925 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.562681913 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.563229084 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.563921928 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.563944101 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.563977003 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.581254959 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.581386089 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.581808090 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.582288027 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.582345009 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.599281073 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.599889994 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.599953890 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.600358963 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.650752068 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.652261972 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.652384043 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.652445078 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.652793884 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.654611111 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.654678106 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.655328035 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.686532974 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.686800003 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.686903954 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.687561035 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.688045979 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.692245007 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.692831039 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.692893028 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.693447113 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.693969011 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.694065094 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.700933933 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.701318026 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.702075005 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.712557077 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.712827921 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.713510036 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.713727951 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.714062929 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.714148998 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.716108084 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.716576099 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.716656923 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.718405008 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.718991041 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.719084024 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.720752001 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.720782995 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.720803976 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.720841885 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.722510099 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.723037958 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.723105907 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.740171909 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.740305901 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.741611958 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.742505074 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.743185043 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.743277073 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.743593931 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.744103909 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.777926922 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.778630972 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.778719902 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.779433966 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.781127930 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.781193018 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.781590939 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.784522057 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.784575939 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.786134005 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.786629915 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.786679983 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.802746058 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.830775023 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.831178904 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.847275019 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.849414110 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.849558115 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.849942923 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.850701094 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.851090908 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.851445913 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.851847887 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.851931095 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.863198996 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.863255978 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.863277912 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.863303900 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.863327980 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.863353968 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.863379955 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.863423109 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.863444090 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.863454103 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.863481998 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.863507032 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.863528013 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.863544941 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.863555908 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.863584042 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.863632917 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.872798920 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.873153925 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.873301983 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.873686075 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.874434948 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.874563932 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.874810934 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.877706051 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.878117085 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.878158092 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.880498886 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.880881071 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.880996943 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.916716099 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.916763067 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.916899920 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.935301065 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.935621977 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.935748100 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.937516928 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.937877893 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.938013077 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.938710928 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.939131975 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.939235926 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.970104933 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.971467018 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.972563982 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.972692966 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.974373102 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.974843979 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.974937916 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.975317001 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.976058960 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.976139069 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.976562023 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.976614952 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.979053974 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.979093075 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.979212046 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.983221054 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.983649015 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.983795881 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:34.984378099 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.992459059 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.992501974 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:34.992638111 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.000350952 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.000391006 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.000411034 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.000432014 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.000520945 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.000828981 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.000889063 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.001411915 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.002047062 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.002114058 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.030282974 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.030787945 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.030941010 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.075309038 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.075345993 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.075368881 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.075391054 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.076095104 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.076551914 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.078634024 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.081052065 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.081083059 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.088059902 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.094754934 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.094791889 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.094815016 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.094836950 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.094857931 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.095066071 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.095803022 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.095885992 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.096229076 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.097208977 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.097285032 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.100801945 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.101320982 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.101427078 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.102004051 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.111525059 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.111576080 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.111602068 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.111722946 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.113375902 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.114032030 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.114191055 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.114552975 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.115047932 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.115897894 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.116017103 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.116349936 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.116851091 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.116930962 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.128420115 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.128819942 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.128953934 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.166455030 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.166493893 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.166589975 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.166866064 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.167359114 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.168100119 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.168191910 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.170553923 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.170669079 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.172485113 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.174293041 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.180006981 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.180123091 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.181492090 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.181520939 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.181569099 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.181746960 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.181771994 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.181822062 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.183152914 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.183614969 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.183716059 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.184079885 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.186197042 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.190893888 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.195089102 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.195209980 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.195359945 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.198977947 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.199019909 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.199069977 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.199132919 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.199150085 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.231908083 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.232527018 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.232562065 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.232659101 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.237433910 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.237746000 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.237775087 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.237895966 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.243438959 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.252928972 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.257153988 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.275058985 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.275101900 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.275301933 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.276626110 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.277388096 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.277847052 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.277950048 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.278363943 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.279259920 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.280147076 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.280595064 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.280678988 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.282382965 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.287417889 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.287461042 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.287483931 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.287508965 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.287575006 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.287609100 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.287842989 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.287911892 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.288305998 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.290165901 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.290863991 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.290935993 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.297311068 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.298599958 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.298754930 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.299329042 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.299415112 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.299912930 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.300321102 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.300395966 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.301165104 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.301542997 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.301620960 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.316739082 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.317426920 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.317517042 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.319020987 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.321213961 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.321362019 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.321718931 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.322324038 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.322380066 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.322911978 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.342698097 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.342794895 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.342921019 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.367480993 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.367587090 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.369831085 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.369859934 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.369961977 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.370398045 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.371424913 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.371499062 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.372040033 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.373610973 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.373722076 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.374058008 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.379926920 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.380337954 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.380445004 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.380815029 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.381597042 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.381665945 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.382097960 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.382570028 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.382638931 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.384361982 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.384808064 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.384900093 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.390449047 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.391072989 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.391176939 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.391825914 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.392668962 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.392755032 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.393095970 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.393831968 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.393897057 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.394328117 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.394391060 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.394787073 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.400656939 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.400748968 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.401082993 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.405654907 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.406378031 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.406507015 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.406827927 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.407326937 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.407432079 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.430175066 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.430417061 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.430603981 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.452241898 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.452614069 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.452761889 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.459961891 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.460011005 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.460150957 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.461105108 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.461141109 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.461185932 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.462371111 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.462405920 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.462476969 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.465126991 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.468177080 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.474188089 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.475243092 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.475334883 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.475402117 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.476795912 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.476836920 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.476861954 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.476964951 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.477010012 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.478976011 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.479064941 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.479229927 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.480673075 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.481576920 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.481709003 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.483390093 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.483855009 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.483968973 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.487052917 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.487092972 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.487217903 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.487958908 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.488604069 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.488801003 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.488920927 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.489326000 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.490117073 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.490223885 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.490566969 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.490642071 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.493223906 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.493585110 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.493704081 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.494128942 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.494864941 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.495014906 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.495340109 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.522479057 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.524183989 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.537545919 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.538182974 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.538326979 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.538548946 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.538810968 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.538935900 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.547244072 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.550327063 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.550540924 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.551244974 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.552297115 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.552377939 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.552413940 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.553000927 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.553117990 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.562249899 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.567473888 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.567850113 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.567991018 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.568342924 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.569142103 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.569278002 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.570180893 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.570328951 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.571995974 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.573019028 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.573183060 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.574198961 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.577553034 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.578380108 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.585884094 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.587491035 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.587546110 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.588994980 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.588994980 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.589030027 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.589054108 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.589078903 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.589102983 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.589124918 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.589138031 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.589144945 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.589241982 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.596524000 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.596566916 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.596591949 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.596611977 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.596633911 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.596685886 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.596739054 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.644969940 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.645658970 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.645833969 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.647380114 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.647829056 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.647975922 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.648652077 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.648741961 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.671488047 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.672350883 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.672522068 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.683022976 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.684284925 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.684437037 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.684725046 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.685458899 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.685579062 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.686177015 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.690987110 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.691149950 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.691370964 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.692167997 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.692277908 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.693640947 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.694098949 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.694189072 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.700504065 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.700900078 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.701010942 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.701486111 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.701870918 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.701957941 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.702361107 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.707000017 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.707179070 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.707346916 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.707895994 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.707982063 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.708646059 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.709081888 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.709155083 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.709569931 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.710417986 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.710504055 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.710869074 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.711451054 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.711538076 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.716064930 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.716368914 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.716454983 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.717144966 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.717703104 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.717814922 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.718444109 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.719019890 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.719099998 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.742276907 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.742666006 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.742754936 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.744721889 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.745170116 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.745250940 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.745909929 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.756119967 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.756288052 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.756624937 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.769721031 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.769905090 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.770637035 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.775284052 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.775429964 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.775706053 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.777600050 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.777693033 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.778181076 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.781045914 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.781164885 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.781717062 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.782181978 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.782263994 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.782737017 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.787322044 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.787503958 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.787977934 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.789552927 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.789693117 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.790246964 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.796722889 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.796905994 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.796930075 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.797363043 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.797444105 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.798098087 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.798929930 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.799046993 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.799304962 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.800057888 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.800162077 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.800426006 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.801035881 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.801121950 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.801721096 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.807913065 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.807955027 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.808069944 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.809724092 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.809890032 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.810662985 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.812109947 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.812227011 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.812720060 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.844630957 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.844675064 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.844696045 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.844717979 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.846241951 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.848062992 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.848107100 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.848233938 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.864514112 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.865118027 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.866141081 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.866770029 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.868995905 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.869683981 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.869786024 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.873385906 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.873425961 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.873557091 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.879368067 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.879508972 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.880203009 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.881050110 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.884052992 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.884687901 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.885405064 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.886221886 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.889493942 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.889544010 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.889847994 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.890724897 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.891467094 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.891828060 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.894216061 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.894778013 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.895579100 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.895740986 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.896135092 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.896226883 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.896927118 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.897409916 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.897480011 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.946244001 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.947794914 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.949153900 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:35.970110893 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.971817017 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:35.971919060 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:36.004416943 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.004956961 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.005057096 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:36.021482944 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.021944046 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.022083044 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:36.022481918 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.032500982 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.032674074 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:36.033446074 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.033641100 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.033715010 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:36.034226894 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.038933039 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.038968086 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.039104939 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:36.039258957 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.039340019 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:36.039902925 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.040128946 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.040200949 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:36.041670084 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.041820049 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.041887045 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:36.043258905 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.044145107 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.044215918 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:36.044893980 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.045061111 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.045126915 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:36.045461893 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.046269894 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.046356916 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:36.060606956 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.061543941 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.061685085 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:36.066581011 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.066627026 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.066649914 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.066770077 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:36.066951990 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.067003012 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:36.075711012 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.076189995 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.076272964 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:36.077651024 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.078341007 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.078435898 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:36.086478949 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.087364912 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.087496042 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:36.095976114 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.096370935 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.096481085 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:36.117341042 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.138695955 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.138859034 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:36.157551050 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.158715010 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.158854008 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:36.288367987 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.289364100 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.294328928 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:36.409641027 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.409677029 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.409702063 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.409858942 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:36.410037041 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.410100937 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:36.410949945 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.411597013 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.411664009 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:36.412007093 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.421509027 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.421650887 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:36.425384998 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.433593988 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.433696985 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.433737040 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:36.434674025 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.434756994 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:36.435026884 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.452070951 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.452159882 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:36.452459097 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.455142975 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.455241919 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:36.455367088 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.480588913 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.480654955 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:36.481302023 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.488904953 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.489008904 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:36.502758026 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.511866093 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.511975050 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:36.513092995 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.515754938 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.515882015 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:36.534231901 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.534912109 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.534982920 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:36.545258999 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.546205997 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.546283960 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:36.553977966 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.554732084 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.554790974 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:36.556545019 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.556572914 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.556643963 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:36.587814093 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.591666937 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.591803074 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:36.646339893 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.646853924 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.646923065 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:36.698939085 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.704567909 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.704673052 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:36.715989113 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.719778061 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.719880104 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:36.720585108 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.734302044 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.734371901 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:36.737914085 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.739342928 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.739403009 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:36.740040064 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.740612984 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.740681887 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:36.751389980 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.759243011 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.759341002 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:36.760106087 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.760840893 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.761038065 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:36.761615992 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.763447046 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.763541937 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:36.765367031 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.767932892 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.768016100 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:36.801747084 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.810120106 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.810195923 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:36.812073946 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.835875034 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.835938931 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:36.853152037 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.855334044 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.855397940 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:36.860168934 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.862106085 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.862164974 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:36.875591993 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.877587080 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.877644062 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:36.885859966 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.897583961 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.897639036 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:36.909152985 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.916297913 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.916358948 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:36.918291092 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.920346975 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.920650959 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:36.982904911 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.987718105 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:36.987806082 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:37.048878908 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.056562901 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.056619883 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:37.126336098 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.128284931 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.128345966 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:37.150326014 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.152528048 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.152601004 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:37.157782078 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.159801960 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.159868002 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:37.162324905 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.164329052 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.164395094 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:37.166793108 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.168873072 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.168946981 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:37.171581984 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.173782110 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.173841000 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:37.176088095 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.178127050 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.178183079 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:37.180083036 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.182336092 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.182396889 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:37.190885067 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.193067074 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.193167925 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:37.197899103 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.203088045 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.203147888 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:37.213742018 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.215572119 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.215643883 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:37.221770048 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.227602959 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.227688074 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:37.230474949 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.232317924 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.232405901 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:37.246354103 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.251085997 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.251157999 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:37.253657103 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.290957928 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.291058064 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:37.306468010 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.318386078 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.318670988 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:37.331280947 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.333530903 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.333601952 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:37.356353045 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.372494936 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.372586966 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:37.400197983 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.404078960 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.404143095 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:37.468826056 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.470801115 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.470940113 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:37.491559982 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.523632050 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.523721933 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:37.525840998 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.528124094 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.528208971 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:37.530081987 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.532618999 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.532672882 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:37.534607887 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.537106037 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.537256002 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:37.539124966 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.541313887 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.541402102 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:37.543581009 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.550400972 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.550473928 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:37.552181959 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.558743000 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.558801889 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:37.560621977 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.568747997 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.568828106 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:37.570667028 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.572916031 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.572994947 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:37.575371027 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.577322960 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.577409029 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:37.578288078 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.587241888 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.587308884 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:37.607001066 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.613915920 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.613992929 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:37.631483078 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.633497000 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.633615017 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:37.642205954 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.646964073 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.647066116 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:37.672684908 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.674145937 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.674231052 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:37.680613995 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.682564020 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.682651043 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:37.721682072 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.722615004 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.722713947 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:37.748964071 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.750179052 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.750325918 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:37.791274071 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.821985006 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.825017929 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:37.839224100 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.852518082 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.852808952 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:37.858189106 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.860415936 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.860893011 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.862591982 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:37.873205900 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.873395920 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:37.922043085 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.930495024 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.931200027 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.932341099 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:37.937750101 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.940640926 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:37.951816082 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.952697039 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.952862978 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:37.963886976 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.966713905 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.966941118 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:37.988029957 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.989551067 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.989854097 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:37.994671106 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.996706009 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.996857882 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:37.999327898 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:37.999560118 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.000005007 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:38.000096083 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.004394054 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.004863977 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:38.012243032 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.013096094 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.013190031 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:38.018712997 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.041723967 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.042156935 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:38.047693014 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.049876928 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.050117970 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:38.070048094 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.072482109 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.074201107 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:38.082935095 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.085844040 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.086122036 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:38.100119114 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.102212906 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.103485107 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:38.129858017 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.134442091 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.134618998 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:38.181004047 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.184653997 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.188642979 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:38.190583944 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.191965103 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.192106962 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:38.197043896 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.199551105 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.200067043 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:38.201797962 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.206480026 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.207235098 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:38.209357023 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.237428904 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.237709045 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:38.244479895 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.247584105 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.249027014 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.249064922 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:38.253236055 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.255611897 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:38.256937027 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.258912086 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.259181023 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:38.262325048 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.278539896 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.279076099 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:38.283776045 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.285686016 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.286200047 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:38.294096947 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.294133902 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.294233084 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:38.295845032 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.297647953 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.298070908 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:38.304501057 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.310985088 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.316921949 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:38.331259966 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.333596945 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.333880901 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:38.347223043 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.351444006 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.351953030 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:38.369221926 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.377531052 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.377959013 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:38.390480042 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.392467022 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.392766953 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:38.425919056 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.428169012 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.428798914 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:38.455646038 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.465178967 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.469441891 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:38.520173073 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.522142887 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.522315979 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:38.524362087 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.531425953 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.535419941 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.536181927 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.536653996 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.537658930 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.539428949 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:38.564413071 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.565932035 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.566555023 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:38.566580057 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.571192026 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.571602106 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.574126959 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.574331045 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:38.574557066 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.574631929 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:38.583436012 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.584348917 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.597250938 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.597583055 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.603948116 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:38.607439041 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.609735012 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:38.630470991 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.670631886 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.670773983 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:38.671070099 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.676377058 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.676892042 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:38.679600000 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.692714930 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.692792892 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:38.694621086 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.709923983 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.710037947 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:38.710586071 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.711369038 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.711456060 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:38.714359999 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.716877937 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.716959953 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:38.726149082 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.729149103 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.729214907 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:38.756618023 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.758377075 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.758495092 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:38.788975954 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.795686007 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.795835018 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:38.871469975 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.873347998 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.873437881 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:38.876415968 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.884958029 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.885035038 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:38.889910936 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.892123938 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.892187119 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:38.897653103 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.899612904 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.899686098 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:38.905399084 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.909641027 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.909765959 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:38.911886930 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.913868904 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.913984060 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:38.916136980 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.918374062 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.918456078 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:38.925163984 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.930202007 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.930368900 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:38.932127953 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.938486099 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.938633919 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:38.940331936 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.958187103 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.958386898 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:38.971075058 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.973711967 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:38.973886013 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:38.974749088 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.005983114 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.006119013 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:39.025516987 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.042053938 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.042254925 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:39.055246115 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.058569908 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.058671951 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:39.059925079 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.061995983 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.062067986 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:39.064886093 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.088166952 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.088448048 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:39.105283976 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.109669924 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.109817982 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:39.137034893 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.139481068 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.139678001 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:39.168164968 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.170137882 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.170273066 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:39.278903008 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.280699015 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.280853987 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:39.284740925 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.289715052 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.289815903 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:39.291949987 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.294316053 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.294442892 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:39.300318003 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.301448107 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.301563978 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:39.311793089 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.325234890 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.325432062 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:39.328357935 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.329325914 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.329453945 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:39.340004921 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.342128992 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.342257977 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:39.344125986 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.349133015 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.349246025 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:39.354619026 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.356658936 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.356760979 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:39.363934040 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.367916107 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.368015051 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:39.373873949 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.376329899 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.376442909 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:39.377577066 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.393672943 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.393764019 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:39.414683104 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.416608095 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.416740894 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:39.426649094 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.428831100 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.428920984 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:39.430845976 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.433146000 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.433326960 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:39.444583893 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.456950903 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.457075119 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:39.474458933 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.476329088 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.476425886 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:39.489876986 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.497909069 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.498023033 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:39.527697086 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.528395891 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.528485060 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:39.556570053 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.557362080 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.557446957 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:39.565988064 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.566885948 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.566966057 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:39.569919109 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.570374966 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.570462942 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:39.571882010 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.572334051 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.572396994 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:39.579261065 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.580193996 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.580359936 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:39.591242075 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.592343092 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.592416048 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:39.630495071 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.631364107 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.631444931 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:39.634643078 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.635097027 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.635154963 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:39.646440029 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.647094011 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.647320032 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:39.676755905 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.677143097 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.677205086 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:39.677871943 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.688759089 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.688873053 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:39.689191103 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.689866066 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.689941883 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:39.708734035 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.710897923 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.717536926 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.720575094 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.720649004 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:39.722286940 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:39.726624012 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.731249094 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.749917030 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:39.750456095 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.752433062 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.755573988 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:39.777379990 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.777437925 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.783716917 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:39.821552038 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.826560020 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.828375101 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:39.873441935 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.873477936 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.873678923 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:39.888498068 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.893199921 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.893311977 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:39.895298958 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.907248020 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.907376051 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:39.924525023 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.926446915 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.926553965 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:39.934771061 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.936716080 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.936835051 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:39.982209921 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.984455109 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.984596968 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:39.988688946 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.988778114 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:39.999325991 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:39.999437094 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:40.001526117 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.001605034 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:40.006707907 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.006880045 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:40.008778095 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.008869886 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:40.024493933 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.024768114 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:40.026418924 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.026521921 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:40.044960976 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.045087099 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:40.045315027 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.045377016 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:40.048999071 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.049096107 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:40.050898075 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.050980091 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:40.052124023 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.052229881 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:40.083468914 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.083606005 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:40.091476917 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.091582060 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:40.092823029 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.092899084 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:40.094702005 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.094821930 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:40.097832918 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.097944975 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:40.118478060 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.118585110 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:40.120874882 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.121015072 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:40.128760099 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.129429102 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:40.130645990 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.130784988 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:40.173002005 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.173103094 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:40.173119068 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.173252106 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:40.204304934 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.204344988 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.204493999 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:40.243581057 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.243697882 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:40.243884087 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.243983984 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:40.259685040 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.259850025 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:40.263354063 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.263444901 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:40.264422894 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.264513969 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:40.270857096 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.270973921 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:40.291964054 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.292083979 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:40.294424057 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.294538975 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:40.295708895 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.295819044 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:40.297744036 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.297848940 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:40.300937891 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.301048040 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:40.306569099 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.306685925 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:40.309051991 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.309237957 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:40.407618046 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.417764902 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.419852018 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.419888973 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.420559883 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:40.420593023 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:40.429579020 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.429621935 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.429747105 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:40.436708927 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.436749935 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.436928034 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:40.438246012 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.440486908 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.440622091 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:40.442431927 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.447262049 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.447506905 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:40.457923889 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.467561007 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.467746019 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:40.469717026 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.510627985 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:40.518759012 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.520632982 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.520772934 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:40.522910118 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.528152943 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.528369904 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:40.610165119 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.610898018 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.610982895 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:40.611350060 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.611857891 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.612023115 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:40.724431992 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.725361109 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.725466013 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:40.725812912 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.726634979 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.726711988 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:40.727106094 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.727598906 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.727658033 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:40.728348970 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.728882074 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.728954077 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:40.730475903 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.734965086 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.735027075 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:40.741205931 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.743371964 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.743463039 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:40.752933979 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.755110025 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.755228996 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:40.757127047 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.759141922 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.762809038 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:40.936335087 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.938273907 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.938452005 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:40.946486950 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.948445082 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.948941946 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:40.967880011 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.969496012 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.969584942 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:40.976589918 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.976624012 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.976738930 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:40.989034891 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.991195917 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:40.992659092 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:40.998955011 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.005716085 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.005831957 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:41.006130934 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.010390997 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.010808945 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:41.012957096 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.021735907 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.022052050 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:41.023897886 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.028048038 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.029258013 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:41.051806927 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.052968979 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.056132078 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.056298018 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:41.268048048 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.269895077 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.272185087 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.272305012 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:41.279712915 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.280644894 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:41.295304060 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.297585964 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.300323009 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.300426006 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:41.302273989 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.302361965 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:41.312762976 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.315526009 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.315609932 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:41.318043947 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.320314884 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.320399046 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:41.326967955 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.328928947 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.332263947 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.332356930 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:41.334444046 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.336652040 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:41.340424061 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.342434883 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.344639063 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:41.362550974 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.365168095 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.367197037 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.367717981 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:41.369407892 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.372647047 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:41.471555948 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.471970081 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.472153902 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:41.472743988 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.473249912 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.473366022 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:41.473685980 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.474494934 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.474617004 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:41.474996090 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.475447893 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.475497007 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:41.478245974 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.479020119 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.479106903 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:41.479469061 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.479913950 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.479988098 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:41.480854034 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.481267929 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.481328964 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:41.481765032 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.482530117 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.482610941 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:41.483077049 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.483474016 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.484643936 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:41.484690905 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.500216961 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.500694990 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:41.501976967 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.504769087 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.508707047 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:41.511960983 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.557529926 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:41.705116987 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.707045078 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.707179070 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:41.722021103 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.727094889 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.727243900 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:41.728485107 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.736488104 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.736630917 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:41.741779089 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.746207952 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.746316910 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:41.751853943 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.752553940 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.752657890 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:41.759946108 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.761343002 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.761504889 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:41.776341915 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.778569937 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.778696060 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:41.780694008 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.783467054 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.783586979 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:41.785531044 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.787417889 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.787540913 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:41.815489054 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.819294930 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.819452047 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:41.821120977 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.828080893 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.828203917 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:41.832106113 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.846462965 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:41.900254965 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:41.948214054 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:41.992927074 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.015578032 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.015811920 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.029752016 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.029783964 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.029808044 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.032109976 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.033795118 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.033817053 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.047916889 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.048613071 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.049079895 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.049601078 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.050965071 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.050982952 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.051008940 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.057018042 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.066740036 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.066778898 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.089268923 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.089978933 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.092966080 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.094234943 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.096791029 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.106240034 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.112288952 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.118202925 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.121474981 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.128454924 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.147033930 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.201154947 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.234708071 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.270946026 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.271155119 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.272892952 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.276952982 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.277036905 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.282968998 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.285227060 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.285352945 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.289442062 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.317703962 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.317842007 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.322472095 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.327171087 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.327254057 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.331425905 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.333450079 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.333561897 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.337964058 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.338639975 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.338721991 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.343700886 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.344191074 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.344302893 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.344660997 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.345391989 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.345474958 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.345909119 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.346405029 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.346477032 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.347176075 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.347572088 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.347637892 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.348386049 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.348851919 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.348918915 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.349050045 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.361192942 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.361347914 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.372452974 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.372885942 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.372987986 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.378384113 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.379093885 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.379193068 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.387684107 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.388308048 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.388397932 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.401177883 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.438668966 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.438805103 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.439172029 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.439651966 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.439743996 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.441498995 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.441934109 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.442015886 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.445655107 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.446350098 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.446549892 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.449198961 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.449608088 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.449718952 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.450110912 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.450917959 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.451071978 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.451347113 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.452163935 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.452272892 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.454953909 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.455349922 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.455455065 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.455885887 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.456665993 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.456775904 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.487860918 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.488089085 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.488168001 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.492665052 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.493210077 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.493313074 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.493412971 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.494121075 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.494201899 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.495143890 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.495663881 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.495913982 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.527482033 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.528182983 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.528299093 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.528675079 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.529387951 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.529473066 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.530375957 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.537261009 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.537416935 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.537581921 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.541938066 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.542057037 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.542318106 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.546204090 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.546303988 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.546889067 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.548353910 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.548428059 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.549168110 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.549599886 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.549666882 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.550132036 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.552362919 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.552447081 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.553114891 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.555368900 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.555459976 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.556121111 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.584940910 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.585086107 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.585798979 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.586348057 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.586404085 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.587459087 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.587990046 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.588067055 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.588887930 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.590858936 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.590939045 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.591594934 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.615065098 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.615221024 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.615612030 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.616108894 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.616187096 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.616616964 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.617444038 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.617506981 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.644833088 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.645179033 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.645282984 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.647861004 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.648399115 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.648463011 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.650144100 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.650645018 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.650733948 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.651357889 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.651890039 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.651969910 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.652349949 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.653141975 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.653233051 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.655162096 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.655695915 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.655778885 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.656493902 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.656879902 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.656954050 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.709089994 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.709402084 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.709481001 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.709906101 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.710660934 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.710728884 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.711150885 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.713210106 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.713272095 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.713594913 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.714423895 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.714544058 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.714873075 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.719203949 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.719336033 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.719634056 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.720403910 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.720478058 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.720909119 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.722985983 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.723067999 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.723649979 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.735223055 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.735357046 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.735892057 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.737947941 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.738040924 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.738672018 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.743307114 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.743424892 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.743627071 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.746764898 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.746876955 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.747172117 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.747905016 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.747992039 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.748414040 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.752198935 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.752307892 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.752599955 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.753721952 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.753820896 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.754122019 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.805660009 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.805844069 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.806350946 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.806876898 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.806993008 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.807581902 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.807816982 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.807903051 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.815711021 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.816139936 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.816234112 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.817888021 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.818401098 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.818485975 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.822149038 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.822913885 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.823009968 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.823429108 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.824124098 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.824210882 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.825599909 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.826380968 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.826446056 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.845256090 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.845885038 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.845994949 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.846045017 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.852411985 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.852576017 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.853219986 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.854746103 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.854873896 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.855108976 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.856443882 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.856549978 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.856853008 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.858158112 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.858249903 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.858994007 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.859743118 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.859827042 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.860186100 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.860652924 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.860740900 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.861087084 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.861326933 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.861386061 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.895226955 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.895603895 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.895689011 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.898634911 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.899386883 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.899463892 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.902038097 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.904257059 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.904376984 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.904613972 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.905121088 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.905199051 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.905617952 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.906333923 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.906404018 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.909284115 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.909842968 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.909929037 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.925728083 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.926359892 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.926465034 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.926837921 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.927356958 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.927436113 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.937603951 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.937633991 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.937747002 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.962821960 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.969222069 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.969353914 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.969974041 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.969995975 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.970088005 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.970103025 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.977792978 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.977932930 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.978185892 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.978811979 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:42.978883028 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:42.979103088 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.026424885 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.252850056 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.341137886 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.349407911 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.349526882 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.349848986 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.349905014 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.350343943 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.350399017 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.350866079 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.350948095 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.351635933 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.351696014 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.354134083 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.354219913 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.354907990 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.354984045 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.355424881 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.355501890 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.356259108 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.356336117 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.358119011 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.358158112 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.358201981 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.358215094 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.358253002 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.358272076 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.358418941 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.358494997 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.358908892 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.358980894 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.360024929 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.360119104 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.360213995 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.360276937 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.360620975 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.360686064 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.361385107 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.361449003 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.361891985 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.361952066 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.362554073 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.362622023 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.363105059 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.363173008 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.363867044 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.363936901 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.364587069 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.364655972 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.364978075 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.365056992 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.365562916 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.365632057 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.366142988 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.366213083 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.366621971 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.366677999 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.367245913 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.367302895 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.368161917 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.368226051 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.368371964 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.368438959 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.368906975 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.368988037 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.369658947 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.369721889 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.435000896 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.436115980 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.436253071 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.439208031 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.439624071 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.439687967 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.445379019 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.446355104 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.446436882 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.446862936 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.449362993 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.449383974 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.449417114 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.449665070 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.449743032 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.451947927 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.452667952 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.452733994 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.456291914 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.458157063 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.458218098 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.459768057 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.460639954 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.460720062 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.462133884 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.462611914 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.462693930 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.464381933 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.466753006 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.466850996 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.466877937 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.467097044 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.467165947 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.471945047 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.472381115 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.472465038 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.474185944 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.476447105 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.476550102 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.478657961 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.479434967 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.479546070 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.480106115 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.484430075 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.484528065 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.487410069 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.487953901 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.488028049 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.490175009 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.491980076 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.492058992 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.640742064 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.641149044 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.641315937 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.641922951 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.642441988 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.642509937 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.643174887 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.649183989 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.649334908 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.654947042 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.655359983 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.655491114 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.656122923 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.657135963 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.657283068 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.672806025 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.673379898 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.673516035 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.675692081 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.676131010 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.676260948 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.676843882 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.677402973 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.677551985 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.677871943 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.678648949 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.678724051 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.679110050 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.679680109 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.679745913 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.680358887 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.680578947 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.680664062 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.697705984 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.698101997 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.698184013 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.701924086 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.702363014 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.702810049 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.703151941 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.703622103 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.703728914 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.708924055 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.709392071 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.709505081 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.711374044 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.712034941 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.712203026 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.713396072 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.713438988 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.713660955 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.743721962 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.744406939 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.744577885 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.746104956 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.746606112 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.746773958 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.749943972 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.750614882 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.750897884 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.751179934 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.751673937 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.751749992 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.754327059 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.754622936 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.754708052 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.763421059 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.764046907 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.764136076 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.773691893 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.774661064 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.776102066 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.783658981 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.784111023 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.784203053 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.784676075 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.785485029 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.785614014 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.785873890 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.786658049 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.786721945 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.787256956 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.787653923 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.790122032 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.796363115 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.796813011 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.796952963 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.799190998 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.799624920 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.799715042 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.800153971 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.805136919 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.805274010 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.805629969 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.807415962 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.808139086 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.808296919 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.820174932 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.820250988 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.820604086 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.821368933 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.821933031 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.822002888 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.860692978 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.860791922 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.861146927 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.861938953 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.862010002 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.862365961 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.862869978 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.863100052 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.863617897 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.867654085 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.867741108 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.868136883 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.868879080 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.868994951 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.869368076 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.869908094 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.870001078 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.870628119 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.873455048 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.873629093 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.874778986 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.879462957 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.879770041 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.880103111 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.880606890 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.880661964 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.881274939 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.884030104 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.884073019 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.884102106 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.888185024 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.888263941 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.890161037 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.892887115 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.893007040 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.893429995 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.904582024 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.904603004 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.904679060 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.908163071 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.908247948 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.908809900 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.922210932 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.922364950 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.922909975 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.923441887 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.923892975 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.931298971 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.931318998 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.931473017 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:43.931765079 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.932414055 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:43.932482958 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:44.003269911 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.003631115 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.003717899 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:44.004110098 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.004631996 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.004693985 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:44.005439043 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.014777899 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.014811039 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.014928102 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:44.021164894 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.021605968 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.021683931 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:44.022294998 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.022614956 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.022691965 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:44.023448944 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.024087906 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:44.024163008 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.024646997 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.024673939 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.024693966 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.024713039 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:44.024717093 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.024740934 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.024749994 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:44.024765015 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.024782896 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:44.025137901 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.025229931 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:44.026635885 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.026921034 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.026972055 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:44.029978991 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.071706057 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.071767092 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:44.073442936 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.074512959 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.074583054 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:44.075949907 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.076452017 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.076535940 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:44.076884985 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.077660084 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.077768087 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:44.081518888 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.081949949 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.082056999 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:44.082274914 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.082813025 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.082886934 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:44.083168983 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.091303110 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.091475010 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:44.091779947 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.092328072 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.092466116 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:44.092854977 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.121615887 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.121743917 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:44.126071930 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.126180887 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.126318932 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:44.126651049 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.127701044 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.128031969 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.128093004 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:44.152688026 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.152712107 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.152790070 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.152827978 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:44.152862072 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:44.153198004 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.179018974 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.179996967 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.180183887 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:44.180670977 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.180907011 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:44.181008101 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.181241989 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.181349993 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:44.181925058 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.182851076 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.182954073 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:44.182979107 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.185834885 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.188071012 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:44.277565956 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:44.300555944 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:44.389712095 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.484726906 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.485109091 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.485491991 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:44.485881090 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.486363888 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.486413956 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:44.486888885 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.487668037 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.487737894 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:44.488161087 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.488600969 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.488957882 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:44.489428997 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.489855051 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.490372896 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.490458012 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:44.491132021 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.491614103 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.491681099 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:44.491852999 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.492377996 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.492438078 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:44.492958069 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.493626118 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.493684053 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:44.494151115 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.494935036 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.494997025 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:44.495407104 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.495472908 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:44.495922089 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.496648073 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.496727943 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:44.497221947 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.497632027 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.497697115 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:44.498425007 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.498960018 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.499033928 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:44.499053001 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.499648094 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.499726057 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:44.500407934 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.500885010 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.500972986 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:44.501379967 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.502135992 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.502641916 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.502713919 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:44.503237963 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.504009962 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.504084110 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:44.504364014 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.504421949 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:44.504897118 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.505647898 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.505703926 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:44.506153107 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.506344080 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.506413937 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:44.506927013 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.570771933 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.573077917 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:44.573164940 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.573434114 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:44.577097893 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:46.821645021 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:46.824886084 CEST497521973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:46.911211967 CEST197349752185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:46.911360025 CEST497521973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:46.913789034 CEST497521973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:47.003103018 CEST197349752185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:47.004415989 CEST497521973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:47.111313105 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:47.111391068 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:47.298830986 CEST197349752185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:47.400553942 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:51.865257025 CEST497521973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:52.004518032 CEST197349752185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:52.004540920 CEST197349752185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:52.004616976 CEST497521973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:56.213742018 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:56.261895895 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:56.345758915 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:56.373466969 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:56.707256079 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:56.713129997 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:56.822226048 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:56.871326923 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:56.982711077 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:56.989567995 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:57.349298954 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:23:57.349795103 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:23:57.717811108 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:09.527751923 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:10.059956074 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:10.454907894 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:10.455321074 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:10.464159966 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:10.559976101 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:10.808336973 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:10.808459044 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:10.813205004 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:10.906013012 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:11.466321945 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:11.502392054 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:11.503356934 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:11.688709021 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:22.679045916 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:22.970401049 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:22.972158909 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:23.068023920 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:23.123533010 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:23.211899042 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:23.264720917 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:23.304332018 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:23.598644972 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:23.599194050 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:23.927966118 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:25.711335897 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:25.764400005 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:25.854360104 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:25.905024052 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:27.280358076 CEST498461975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:27.447309971 CEST197549846185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:27.447686911 CEST498461975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:27.448347092 CEST498461975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:27.560849905 CEST197549846185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:27.561892033 CEST498461975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:27.691301107 CEST197549846185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:27.695832014 CEST498461975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:27.786021948 CEST197549846185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:27.827064037 CEST498461975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:27.961674929 CEST197549846185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:28.014592886 CEST498461975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:28.518701077 CEST498461975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:28.811944962 CEST197549846185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:29.536416054 CEST498461975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:29.895661116 CEST197549846185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:30.468847990 CEST498461975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:30.751769066 CEST197549846185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:30.751884937 CEST498461975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:31.043864012 CEST197549846185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:31.313370943 CEST197549846185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:31.358685017 CEST498461975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:33.440918922 CEST498461975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:33.638075113 CEST498481975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:34.053143978 CEST197549848185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:34.055871964 CEST498481975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:34.057297945 CEST498481975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:34.178056955 CEST197549848185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:34.182029009 CEST498481975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:34.281511068 CEST197549848185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:34.282128096 CEST498481975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:34.369899035 CEST197549848185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:34.422013044 CEST498481975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:34.521430969 CEST197549848185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:34.578902960 CEST498481975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:35.116707087 CEST498481975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:35.424374104 CEST197549848185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:35.796792984 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:36.100073099 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:36.100230932 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:36.144655943 CEST498481975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:36.522053003 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:36.593437910 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:36.829937935 CEST498481975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:36.842670918 CEST197549848185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:36.852618933 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:36.905999899 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:36.925029993 CEST197549848185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:37.094336033 CEST498481975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:37.172705889 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:37.406666040 CEST197549848185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:37.406856060 CEST498481975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:37.454746962 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:37.454936028 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:37.714106083 CEST197549848185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:37.744858027 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:38.184685946 CEST498481975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:38.470987082 CEST197549848185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:39.153157949 CEST498481975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:39.243330002 CEST197549848185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:39.357911110 CEST498501975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:39.442660093 CEST197549850185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:39.442876101 CEST498501975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:39.443505049 CEST498501975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:39.550915956 CEST197549850185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:39.551702976 CEST498501975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:39.639413118 CEST197549850185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:39.640181065 CEST498501975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:39.727597952 CEST197549850185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:39.781380892 CEST498501975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:39.869404078 CEST197549850185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:39.921967030 CEST498501975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:40.727581024 CEST498501975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:41.017626047 CEST197549850185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:41.142906904 CEST197549850185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:41.144758940 CEST197549848185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:41.144849062 CEST498481975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:41.187625885 CEST498501975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:41.738835096 CEST498501975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:42.017316103 CEST197549850185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:42.469949961 CEST498501975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:42.759624958 CEST197549850185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:42.759778976 CEST498501975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:43.048641920 CEST197549850185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:43.510828972 CEST498501975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:43.594676018 CEST197549850185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:43.870007992 CEST498511975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:43.958825111 CEST197549851185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:43.959022999 CEST498511975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:43.959903002 CEST498511975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:44.072144032 CEST197549851185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:44.073165894 CEST498511975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:44.161858082 CEST197549851185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:44.162317991 CEST498511975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:44.249952078 CEST197549851185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:44.297471046 CEST498511975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:44.380892992 CEST197549851185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:44.422271013 CEST498511975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:44.990586996 CEST498511975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:45.297363043 CEST498511975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:45.307755947 CEST197549851185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:45.387176037 CEST197549851185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:46.025208950 CEST498511975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:46.314866066 CEST197549851185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:46.986021996 CEST498511975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:47.275397062 CEST197549851185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:47.275578976 CEST498511975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:47.564647913 CEST197549851185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:47.959990025 CEST498511975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:48.045850039 CEST197549851185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:48.108473063 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:48.191124916 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:48.191268921 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:48.191700935 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:48.306862116 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:48.308074951 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:48.396863937 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:48.397413015 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:48.485960007 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:48.532048941 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:48.617244959 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:48.672683001 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:48.936664104 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:49.225728035 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:49.228813887 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:49.230873108 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:49.317054987 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:49.360146046 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:49.443504095 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:49.482897997 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:49.517972946 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:49.767338991 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:49.767612934 CEST497491973192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:50.057151079 CEST197349749185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:50.247143984 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:50.610404015 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:51.045176983 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:51.207566977 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:51.220853090 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:51.293664932 CEST197549851185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:51.293692112 CEST197549850185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:51.293879986 CEST498511975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:51.293972015 CEST498501975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:51.294207096 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:51.294286966 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:51.337321997 CEST498531975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:51.397026062 CEST197549851185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:51.403223991 CEST498511975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:51.405227900 CEST197549850185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:51.405261993 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:51.405376911 CEST498501975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:51.405420065 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:51.526592016 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:51.526732922 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:51.554141998 CEST197549853185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:51.554328918 CEST498531975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:51.555032969 CEST498531975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:51.667011023 CEST197549853185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:51.681550980 CEST498531975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:51.771224976 CEST197549853185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:51.813524961 CEST498531975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:51.818567038 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:51.876167059 CEST498531975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:52.021945953 CEST197549853185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:52.021990061 CEST197549853185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:52.022197962 CEST498531975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:52.022381067 CEST498531975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:52.044625998 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:52.094906092 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:52.105834007 CEST197549853185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:52.203604937 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:52.204147100 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:52.204278946 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:52.272500038 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:52.288850069 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:52.289079905 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:52.289515972 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:52.289607048 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:52.289971113 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:52.290131092 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:52.373606920 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:52.374022961 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:52.374080896 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:52.375235081 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:52.422988892 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:52.457588911 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:52.458199024 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:52.458292007 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:52.458914995 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:52.459295988 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:52.459378958 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:52.506899118 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:52.541836977 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:52.541924953 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:52.542454004 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:52.543243885 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:52.543318033 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:52.543730974 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:52.594825983 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:52.626571894 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:52.627002001 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:52.627063036 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:52.627712011 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:52.628187895 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:52.628277063 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:52.628679037 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:52.673010111 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:52.680691957 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:52.713835001 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:52.714263916 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:52.714337111 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:52.727771997 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:52.728099108 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:52.728306055 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:52.760891914 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:52.761359930 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:52.763400078 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:52.813694954 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:52.834182978 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:52.835005045 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:52.835124016 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:52.837486982 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:52.838038921 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:52.838116884 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:52.846559048 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:52.848568916 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:52.848678112 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:52.901184082 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:52.903016090 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:52.903131962 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:52.924721956 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:52.935242891 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:52.935297012 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:52.935458899 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:52.956320047 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:52.956435919 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:53.001666069 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.003823996 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.003952980 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:53.010790110 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.013315916 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.013437986 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:53.036909103 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.038619041 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.038790941 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:53.044020891 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.046066046 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.046293020 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:53.048574924 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.091360092 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.091439962 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:53.093241930 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.098371029 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.100594044 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.100780964 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:53.139645100 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.139859915 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:53.141748905 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.144259930 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.144366026 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:53.146013975 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.148775101 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.148905993 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:53.176753998 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.177822113 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.178026915 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:53.196168900 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.199227095 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.199420929 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:53.199506044 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.225208998 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.225363970 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:53.241077900 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.243364096 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.243457079 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:53.245227098 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.249150038 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.249258995 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:53.250160933 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.265439987 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.265774965 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:53.281438112 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.285873890 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.287796974 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.287976980 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:53.288527966 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:53.310570002 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.310869932 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:53.312511921 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.312700987 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:53.329087973 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.329483032 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:53.334789991 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.334950924 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:53.343050957 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.343242884 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:53.345030069 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.345240116 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:53.347459078 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.347587109 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:53.358053923 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.358192921 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:53.360208035 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.360296965 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:53.373848915 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.374017954 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:53.376264095 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.376396894 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.376416922 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:53.376444101 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:53.379771948 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.411051035 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.411183119 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:53.412974119 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.422065020 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.422246933 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:53.438304901 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.440303087 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.441217899 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:53.445766926 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.447521925 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.447760105 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:53.452610970 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.454648018 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.454830885 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:53.470349073 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.472660065 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.472858906 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:53.475047112 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.477260113 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.477416992 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:53.504471064 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.506274939 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.506503105 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:53.510339022 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.512310028 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.512465954 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:53.526294947 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.533344030 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.533612967 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:53.557854891 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.560014009 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.560156107 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:53.562527895 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.564793110 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.566162109 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:53.569243908 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.569411039 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.569510937 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:53.581669092 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.583514929 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.583643913 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:53.588056087 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.641848087 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:53.642596006 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.644793987 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.644967079 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:53.669924021 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.674812078 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.675200939 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:53.683089018 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.686563969 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.686682940 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:53.701565981 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.706634998 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.708308935 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:53.711087942 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.711260080 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.711374998 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:53.713816881 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.716011047 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.716126919 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:53.723066092 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.724751949 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.724864006 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:53.732055902 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.739815950 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.740046024 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:53.741842985 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.766859055 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.768840075 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:53.773085117 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.775249958 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.775602102 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:53.802057028 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.807554960 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.807642937 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.807841063 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:53.830157042 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.830375910 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:53.833081961 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.835097075 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.835319996 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:53.839104891 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.841259956 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.841442108 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:53.846529961 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.848787069 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.848934889 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:53.860564947 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.867795944 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.868019104 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:53.869999886 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.872458935 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.872586966 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:53.874252081 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.874423027 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.874825001 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:53.901072025 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.903268099 CEST197549852185.157.160.136192.168.2.3
                                    Sep 28, 2021 07:24:53.903399944 CEST498521975192.168.2.3185.157.160.136
                                    Sep 28, 2021 07:24:53.904979944 CEST197549852185.157.160.136192.168.2.3

                                    Code Manipulations

                                    Statistics

                                    CPU Usage

                                    Click to jump to process

                                    Memory Usage

                                    Click to jump to process

                                    High Level Behavior Distribution

                                    Click to dive into process behavior distribution

                                    Behavior

                                    Click to jump to process

                                    System Behavior

                                    Analysis Process: 9JbJZPtaKF.exe PID: 6972 Parent PID: 4768

                                    General

                                    Start time:07:23:07
                                    Start date:28/09/2021
                                    Path:C:\Users\user\Desktop\9JbJZPtaKF.exe
                                    Wow64 process (32bit):true
                                    Commandline:'C:\Users\user\Desktop\9JbJZPtaKF.exe'
                                    Imagebase:0x400000
                                    File size:666024 bytes
                                    MD5 hash:133C10454108AA86301F79A03AA24046
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:Visual Basic
                                    Yara matches:
                                    • Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 00000000.00000003.280115518.00000000007EF000.00000004.00000001.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 00000000.00000003.280183910.0000000000810000.00000004.00000001.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 00000000.00000003.278483376.00000000007D7000.00000004.00000001.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 00000000.00000003.278249926.0000000000810000.00000004.00000001.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 00000000.00000003.278304939.0000000000805000.00000004.00000001.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 00000000.00000003.278201980.00000000007FA000.00000004.00000001.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 00000000.00000003.278470265.0000000000810000.00000004.00000001.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 00000000.00000003.278264012.00000000007EF000.00000004.00000001.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 00000000.00000003.280278807.0000000000810000.00000004.00000001.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 00000000.00000003.278240068.00000000007EF000.00000004.00000001.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 00000000.00000003.278220853.00000000007D7000.00000004.00000001.sdmp, Author: Joe Security
                                    Reputation:low

                                    Chronological Activities

                                    Analysis Process: RegAsm.exe PID: 7040 Parent PID: 6972

                                    General

                                    Start time:07:23:08
                                    Start date:28/09/2021
                                    Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                    Imagebase:0x2e0000
                                    File size:64616 bytes
                                    MD5 hash:6FD7592411112729BF6B1F2F6C34899F
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high

                                    Chronological Activities

                                    Analysis Process: RegAsm.exe PID: 7084 Parent PID: 6972

                                    General

                                    Start time:07:23:08
                                    Start date:28/09/2021
                                    Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                    Wow64 process (32bit):true
                                    Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                    Imagebase:0xad0000
                                    File size:64616 bytes
                                    MD5 hash:6FD7592411112729BF6B1F2F6C34899F
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:.Net C# or VB.NET
                                    Yara matches:
                                    • Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 00000004.00000002.544974477.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 00000004.00000003.356231512.00000000061A4000.00000004.00000001.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 00000004.00000002.554990912.0000000002EE8000.00000004.00000001.sdmp, Author: Joe Security
                                    Reputation:high

                                    Chronological Activities

                                    Analysis Process: ct.exe PID: 4644 Parent PID: 3352

                                    General

                                    Start time:07:23:20
                                    Start date:28/09/2021
                                    Path:C:\Users\user\AppData\Roaming\cf\ct.exe
                                    Wow64 process (32bit):true
                                    Commandline:'C:\Users\user\AppData\Roaming\cf\ct.exe'
                                    Imagebase:0x400000
                                    File size:666024 bytes
                                    MD5 hash:133C10454108AA86301F79A03AA24046
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:Visual Basic
                                    Yara matches:
                                    • Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 0000000B.00000003.307140566.00000000006F4000.00000004.00000001.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 0000000B.00000003.306946941.00000000006DF000.00000004.00000001.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 0000000B.00000003.306899015.00000000006EA000.00000004.00000001.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 0000000B.00000003.306958807.00000000006FF000.00000004.00000001.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 0000000B.00000003.308889804.00000000006FF000.00000004.00000001.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 0000000B.00000003.306989450.00000000006DF000.00000004.00000001.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 0000000B.00000003.306923152.00000000006C7000.00000004.00000001.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 0000000B.00000003.308874401.00000000006DF000.00000004.00000001.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 0000000B.00000003.308858373.00000000006FF000.00000004.00000001.sdmp, Author: Joe Security
                                    Antivirus matches:
                                    • Detection: 100%, Joe Sandbox ML
                                    • Detection: 40%, ReversingLabs
                                    Reputation:low

                                    Chronological Activities

                                    Analysis Process: RegAsm.exe PID: 5916 Parent PID: 4644

                                    General

                                    Start time:07:23:21
                                    Start date:28/09/2021
                                    Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                    Wow64 process (32bit):true
                                    Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                    Imagebase:0xc50000
                                    File size:64616 bytes
                                    MD5 hash:6FD7592411112729BF6B1F2F6C34899F
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:.Net C# or VB.NET
                                    Yara matches:
                                    • Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 0000000C.00000002.322158875.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                    Reputation:high

                                    Chronological Activities

                                    Analysis Process: ct.exe PID: 5344 Parent PID: 3352

                                    General

                                    Start time:07:23:28
                                    Start date:28/09/2021
                                    Path:C:\Users\user\AppData\Roaming\cf\ct.exe
                                    Wow64 process (32bit):true
                                    Commandline:'C:\Users\user\AppData\Roaming\cf\ct.exe'
                                    Imagebase:0x400000
                                    File size:666024 bytes
                                    MD5 hash:133C10454108AA86301F79A03AA24046
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:Visual Basic
                                    Yara matches:
                                    • Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 0000000E.00000003.325430436.0000000000723000.00000004.00000001.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 0000000E.00000003.327182152.0000000000744000.00000004.00000001.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 0000000E.00000003.325299126.000000000070C000.00000004.00000001.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 0000000E.00000003.325371450.0000000000744000.00000004.00000001.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 0000000E.00000003.325340924.0000000000723000.00000004.00000001.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 0000000E.00000003.327210322.0000000000723000.00000004.00000001.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 0000000E.00000003.327236288.0000000000744000.00000004.00000001.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 0000000E.00000003.325501534.0000000000739000.00000004.00000001.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 0000000E.00000003.325118501.000000000072F000.00000004.00000001.sdmp, Author: Joe Security
                                    Reputation:low

                                    Chronological Activities

                                    Analysis Process: RegAsm.exe PID: 6740 Parent PID: 5344

                                    General

                                    Start time:07:23:30
                                    Start date:28/09/2021
                                    Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                    Imagebase:0x3c0000
                                    File size:64616 bytes
                                    MD5 hash:6FD7592411112729BF6B1F2F6C34899F
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:C, C++ or other language
                                    Reputation:high

                                    Chronological Activities

                                    Analysis Process: RegAsm.exe PID: 6756 Parent PID: 5344

                                    General

                                    Start time:07:23:30
                                    Start date:28/09/2021
                                    Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                    Wow64 process (32bit):true
                                    Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                    Imagebase:0x680000
                                    File size:64616 bytes
                                    MD5 hash:6FD7592411112729BF6B1F2F6C34899F
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:.Net C# or VB.NET
                                    Yara matches:
                                    • Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 00000011.00000002.340503270.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                    Reputation:high

                                    Chronological Activities

                                    Analysis Process: cmd.exe PID: 4348 Parent PID: 7084

                                    General

                                    Start time:07:23:48
                                    Start date:28/09/2021
                                    Path:C:\Windows\SysWOW64\cmd.exe
                                    Wow64 process (32bit):true
                                    Commandline:'C:\Windows\System32\cmd.exe' /c start /b powershell ExecutionPolicy Bypass Start-Process -FilePath ''C:\Users\user\AppData\Local\Temp\mmybgd.exe'' & exit
                                    Imagebase:0xd80000
                                    File size:232960 bytes
                                    MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high

                                    Chronological Activities

                                    Analysis Process: conhost.exe PID: 2132 Parent PID: 4348

                                    General

                                    Start time:07:23:48
                                    Start date:28/09/2021
                                    Path:C:\Windows\System32\conhost.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Imagebase:0x7ff7f20f0000
                                    File size:625664 bytes
                                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high

                                    Chronological Activities

                                    Analysis Process: powershell.exe PID: 720 Parent PID: 4348

                                    General

                                    Start time:07:23:49
                                    Start date:28/09/2021
                                    Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                    Wow64 process (32bit):true
                                    Commandline:powershell ExecutionPolicy Bypass Start-Process -FilePath ''C:\Users\user\AppData\Local\Temp\mmybgd.exe''
                                    Imagebase:0x1110000
                                    File size:430592 bytes
                                    MD5 hash:DBA3E6449E97D4E3DF64527EF7012A10
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:.Net C# or VB.NET
                                    Reputation:high

                                    Chronological Activities

                                    Analysis Process: mmybgd.exe PID: 4776 Parent PID: 720

                                    General

                                    Start time:07:24:21
                                    Start date:28/09/2021
                                    Path:C:\Users\user\AppData\Local\Temp\mmybgd.exe
                                    Wow64 process (32bit):true
                                    Commandline:'C:\Users\user\AppData\Local\Temp\mmybgd.exe'
                                    Imagebase:0x400000
                                    File size:4731304 bytes
                                    MD5 hash:BDC628B212725C5FD4287591393CB44E
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:Visual Basic
                                    Antivirus matches:
                                    • Detection: 100%, Joe Sandbox ML

                                    Chronological Activities

                                    Analysis Process: RegAsm.exe PID: 4676 Parent PID: 4776

                                    General

                                    Start time:07:24:23
                                    Start date:28/09/2021
                                    Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                    Wow64 process (32bit):true
                                    Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                    Imagebase:0x890000
                                    File size:64616 bytes
                                    MD5 hash:6FD7592411112729BF6B1F2F6C34899F
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Yara matches:
                                    • Rule: JoeSecurity_BitRAT, Description: Yara detected BitRAT, Source: 0000001F.00000002.544923977.0000000000400000.00000040.00000001.sdmp, Author: Joe Security

                                    Chronological Activities

                                    Analysis Process: bg.exe PID: 6184 Parent PID: 3352

                                    General

                                    Start time:07:24:32
                                    Start date:28/09/2021
                                    Path:C:\Users\user\AppData\Roaming\bp\bg.exe
                                    Wow64 process (32bit):true
                                    Commandline:'C:\Users\user\AppData\Roaming\bp\bg.exe'
                                    Imagebase:0x400000
                                    File size:4731304 bytes
                                    MD5 hash:BDC628B212725C5FD4287591393CB44E
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:Visual Basic
                                    Yara matches:
                                    • Rule: JoeSecurity_BitRAT, Description: Yara detected BitRAT, Source: 00000021.00000003.462953448.00000000034F0000.00000004.00000001.sdmp, Author: Joe Security
                                    Antivirus matches:
                                    • Detection: 100%, Joe Sandbox ML

                                    Chronological Activities

                                    Analysis Process: RegAsm.exe PID: 2532 Parent PID: 6184

                                    General

                                    Start time:07:24:34
                                    Start date:28/09/2021
                                    Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                    Imagebase:0x560000
                                    File size:64616 bytes
                                    MD5 hash:6FD7592411112729BF6B1F2F6C34899F
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:C, C++ or other language

                                    Chronological Activities

                                    Analysis Process: RegAsm.exe PID: 5276 Parent PID: 6184

                                    General

                                    Start time:07:24:35
                                    Start date:28/09/2021
                                    Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                    Imagebase:0x330000
                                    File size:64616 bytes
                                    MD5 hash:6FD7592411112729BF6B1F2F6C34899F
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:C, C++ or other language

                                    Chronological Activities

                                    Analysis Process: RegAsm.exe PID: 6580 Parent PID: 6184

                                    General

                                    Start time:07:24:35
                                    Start date:28/09/2021
                                    Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                    Imagebase:0x250000
                                    File size:64616 bytes
                                    MD5 hash:6FD7592411112729BF6B1F2F6C34899F
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:C, C++ or other language

                                    Chronological Activities

                                    Analysis Process: RegAsm.exe PID: 3176 Parent PID: 6184

                                    General

                                    Start time:07:24:36
                                    Start date:28/09/2021
                                    Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                    Wow64 process (32bit):true
                                    Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                    Imagebase:0xbc0000
                                    File size:64616 bytes
                                    MD5 hash:6FD7592411112729BF6B1F2F6C34899F
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:C, C++ or other language
                                    Yara matches:
                                    • Rule: JoeSecurity_BitRAT, Description: Yara detected BitRAT, Source: 00000025.00000002.476289404.0000000000400000.00000040.00000001.sdmp, Author: Joe Security

                                    Chronological Activities

                                    Analysis Process: bg.exe PID: 7072 Parent PID: 3352

                                    General

                                    Start time:07:24:41
                                    Start date:28/09/2021
                                    Path:C:\Users\user\AppData\Roaming\bp\bg.exe
                                    Wow64 process (32bit):true
                                    Commandline:'C:\Users\user\AppData\Roaming\bp\bg.exe'
                                    Imagebase:0x400000
                                    File size:4731304 bytes
                                    MD5 hash:BDC628B212725C5FD4287591393CB44E
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:Visual Basic

                                    Chronological Activities

                                    Analysis Process: RegAsm.exe PID: 6748 Parent PID: 7072

                                    General

                                    Start time:07:24:42
                                    Start date:28/09/2021
                                    Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                    Imagebase:0x610000
                                    File size:64616 bytes
                                    MD5 hash:6FD7592411112729BF6B1F2F6C34899F
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:C, C++ or other language

                                    Chronological Activities

                                    Analysis Process: RegAsm.exe PID: 6696 Parent PID: 7072

                                    General

                                    Start time:07:24:43
                                    Start date:28/09/2021
                                    Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                    Imagebase:0x500000
                                    File size:64616 bytes
                                    MD5 hash:6FD7592411112729BF6B1F2F6C34899F
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:C, C++ or other language

                                    Chronological Activities

                                    Analysis Process: RegAsm.exe PID: 6764 Parent PID: 7072

                                    General

                                    Start time:07:24:43
                                    Start date:28/09/2021
                                    Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                    Wow64 process (32bit):true
                                    Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                    Imagebase:0xc80000
                                    File size:64616 bytes
                                    MD5 hash:6FD7592411112729BF6B1F2F6C34899F
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:C, C++ or other language
                                    Yara matches:
                                    • Rule: JoeSecurity_BitRAT, Description: Yara detected BitRAT, Source: 00000029.00000002.491911455.0000000000400000.00000040.00000001.sdmp, Author: Joe Security

                                    Chronological Activities

                                    Disassembly

                                    Code Analysis

                                    Reset < >

                                      Analysis Process: 9JbJZPtaKF.exe PID: 6972 Parent PID: 4768 9JbJZPtaKF.exeCOMMON

                                      Executed Functions

                                      Function 00479C70, Relevance: 98.6, APIs: 55, Strings: 1, Instructions: 550COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaAryConstruct2.MSVBVM60(?,0041945C,00000011), ref: 00479CA9
                                      • __vbaGenerateBoundsError.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00479CCF
                                      • __vbaUI1I2.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00479CD9
                                      • __vbaGenerateBoundsError.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00479CF1
                                      • __vbaGenerateBoundsError.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00479D03
                                      • __vbaAryDestruct.MSVBVM60(00000000,?,00479D41), ref: 00479D3A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$BoundsErrorGenerate$Construct2Destruct
                                      • String ID: (.@
                                      • API String ID: 239171672-3032778486
                                      • Opcode ID: e62926ce71ecf73154bfcdb35d2f977af5d2bf5a68c3dada18e6d5efa77821e9
                                      • Instruction ID: 0fc066d3a9291a26400f17eda93e5574a605364ede16ab870ec8a47f060e72f1
                                      • Opcode Fuzzy Hash: e62926ce71ecf73154bfcdb35d2f977af5d2bf5a68c3dada18e6d5efa77821e9
                                      • Instruction Fuzzy Hash: 8F22E435600641CFD724DF64C6886EFBBF2FF89701F40842AE98A97761D774A881CB59
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 004034F0, Relevance: 1.8, APIs: 1, Instructions: 263COMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: #100
                                      • String ID:
                                      • API String ID: 1341478452-0
                                      • Opcode ID: 205b36d7e43cb77cf063729f783e6b58b524476343156e677cdab9766ea7d2b9
                                      • Instruction ID: 27ea9dd2afc577d9cad671b31cd58fba1df9fa1b07af3f9e9ec54f591d969bb6
                                      • Opcode Fuzzy Hash: 205b36d7e43cb77cf063729f783e6b58b524476343156e677cdab9766ea7d2b9
                                      • Instruction Fuzzy Hash: 3D71293104E3D18FC3439B7488A15917FB1EE4762472E09EBC4C1CE0A3E66E595BDB62
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0047A670, Relevance: 1727.7, APIs: 983, Strings: 2, Instructions: 3982COMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$#644$BoundsErrorGenerate$CallConstruct2DestructLockProcUnlockWindow
                                      • String ID: p.@$/@
                                      • API String ID: 1475071685-1689489210
                                      • Opcode ID: fa3e63e40846841b159844551f9455e74052818423ba84f403b59ff5476431e5
                                      • Instruction ID: 87f63ac048dc629a7eef90fd55dff3686ef7bf82236c36f5f3cc57481eb36b56
                                      • Opcode Fuzzy Hash: fa3e63e40846841b159844551f9455e74052818423ba84f403b59ff5476431e5
                                      • Instruction Fuzzy Hash: 0A839F20E262A89FD709D7A8D860BEDBF76BF99300F1801BFC5455B383CD655906CB92
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0047F710, Relevance: 268.6, APIs: 141, Strings: 12, Instructions: 867COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaNew2.MSVBVM60(00405BE4,00482178), ref: 0047F7CF
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,004194CC,000006FC), ref: 0047F7FD
                                      • __vbaStrVarMove.MSVBVM60(?), ref: 0047F80A
                                      • __vbaStrMove.MSVBVM60 ref: 0047F81B
                                      • __vbaStrI2.MSVBVM60(00000001,00000000), ref: 0047F826
                                      • __vbaStrMove.MSVBVM60 ref: 0047F82D
                                      • __vbaI2Str.MSVBVM60(00000000), ref: 0047F836
                                      • __vbaFileOpen.MSVBVM60(00000020,000000FF,00000000), ref: 0047F83D
                                      • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 0047F84D
                                      • __vbaFreeVar.MSVBVM60 ref: 0047F85C
                                      • __vbaNew2.MSVBVM60(004054E0,?), ref: 0047F872
                                      • __vbaNew2.MSVBVM60(00405BE4,00482178), ref: 0047F894
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,004194CC,000006FC), ref: 0047F8CD
                                      • __vbaStrVarMove.MSVBVM60(?), ref: 0047F8DA
                                      • __vbaStrMove.MSVBVM60 ref: 0047F8E5
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,0041A330,0000001C), ref: 0047F913
                                      • __vbaI4Var.MSVBVM60(?), ref: 0047F920
                                      • #526.MSVBVM60(?,00000000), ref: 0047F92E
                                      • __vbaStrVarMove.MSVBVM60(?), ref: 0047F93B
                                      • __vbaStrMove.MSVBVM60 ref: 0047F946
                                      • __vbaFreeStr.MSVBVM60 ref: 0047F94B
                                      • __vbaFreeVarList.MSVBVM60(00000003,?,?,?), ref: 0047F968
                                      • __vbaStrI2.MSVBVM60(00000001), ref: 0047F973
                                      • __vbaStrMove.MSVBVM60 ref: 0047F97A
                                      • __vbaI2Str.MSVBVM60(00000000), ref: 0047F97D
                                      • __vbaGet3.MSVBVM60(00000000,?,00000000), ref: 0047F986
                                      • __vbaFreeStr.MSVBVM60 ref: 0047F98F
                                      • __vbaStrI2.MSVBVM60(00000001), ref: 0047F997
                                      • __vbaStrMove.MSVBVM60 ref: 0047F99E
                                      • __vbaI2Str.MSVBVM60(00000000), ref: 0047F9A1
                                      • __vbaFileClose.MSVBVM60(00000000), ref: 0047F9A4
                                      • __vbaFreeStr.MSVBVM60 ref: 0047F9AD
                                      • __vbaVarDup.MSVBVM60 ref: 0047F9D3
                                      • #711.MSVBVM60(?,?,?,000000FF,00000000), ref: 0047F9EF
                                      • __vbaAryVar.MSVBVM60(00002008,?), ref: 0047FA01
                                      • __vbaAryCopy.MSVBVM60(?,?), ref: 0047FA18
                                      • __vbaFreeVarList.MSVBVM60(00000002,?,?), ref: 0047FA2E
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 0047FA55
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 0047FA67
                                      • __vbaR8Str.MSVBVM60(00000000), ref: 0047FA77
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 0047FAAC
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 0047FABE
                                      • __vbaCyStr.MSVBVM60(?), ref: 0047FAD4
                                      • __vbaStrCy.MSVBVM60(00000000), ref: 0047FAD8
                                      • __vbaStrMove.MSVBVM60 ref: 0047FAE3
                                      • __vbaStrCat.MSVBVM60(000,00000000), ref: 0047FAEB
                                      • __vbaStrMove.MSVBVM60 ref: 0047FAF6
                                      • __vbaCyStr.MSVBVM60(00000000), ref: 0047FAF9
                                      • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 0047FB09
                                      • __vbaI4Cy.MSVBVM60(00000000), ref: 0047FB14
                                      • __vbaSetSystemError.MSVBVM60(00000000), ref: 0047FB20
                                      • __vbaNew2.MSVBVM60(004055D4,?), ref: 0047FB36
                                      • __vbaStrCopy.MSVBVM60 ref: 0047FB47
                                      • __vbaAryLock.MSVBVM60(?,?), ref: 0047FB55
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 0047FB79
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 0047FB8B
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00419384,00000028), ref: 0047FBB7
                                      • __vbaAryUnlock.MSVBVM60(?), ref: 0047FBC1
                                      • __vbaStrMove.MSVBVM60 ref: 0047FBD4
                                      • __vbaFreeStr.MSVBVM60 ref: 0047FBD9
                                      • #717.MSVBVM60(?,00000008,00000080,00000000), ref: 0047FC07
                                      • __vbaVar2Vec.MSVBVM60(?,?), ref: 0047FC1B
                                      • __vbaAryMove.MSVBVM60(?,?), ref: 0047FC2C
                                      • __vbaFreeVar.MSVBVM60 ref: 0047FC38
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 0047FC62
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 0047FC76
                                      • __vbaR8Str.MSVBVM60(?), ref: 0047FC82
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 0047FCB7
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 0047FCC5
                                      • __vbaStrCopy.MSVBVM60 ref: 0047FCD3
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 0047FCF7
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 0047FD05
                                      • __vbaStrCmp.MSVBVM60(AppData,00000000), ref: 0047FD16
                                      • __vbaVarDup.MSVBVM60 ref: 0047FD45
                                      • #666.MSVBVM60(?,?), ref: 0047FD59
                                      • __vbaVarCat.MSVBVM60(?,?,?), ref: 0047FDA6
                                      • __vbaVarCat.MSVBVM60(?,?,00000000), ref: 0047FDB7
                                      • __vbaVarCat.MSVBVM60(?,?,00000000), ref: 0047FDC8
                                      • __vbaStrVarMove.MSVBVM60(00000000), ref: 0047FDCB
                                      • __vbaStrMove.MSVBVM60 ref: 0047FDD6
                                      • __vbaFreeVarList.MSVBVM60(00000005,?,?,?,?,?), ref: 0047FDFD
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 0047FE31
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 0047FE49
                                      • __vbaStrCopy.MSVBVM60 ref: 0047FE57
                                      • __vbaStrCat.MSVBVM60(?,?), ref: 0047FE65
                                      • __vbaStrMove.MSVBVM60 ref: 0047FE70
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 0047FE90
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 0047FEA2
                                      • __vbaStrCopy.MSVBVM60 ref: 0047FEB0
                                      • __vbaStrMove.MSVBVM60(?,?), ref: 0047FEC8
                                      • __vbaFreeStr.MSVBVM60 ref: 0047FECD
                                      • #716.MSVBVM60(?,WScript.shell,00000000), ref: 0047FEE1
                                      • __vbaVarSetVar.MSVBVM60(?,?), ref: 0047FEF2
                                      • __vbaStrCat.MSVBVM60(?,HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\), ref: 0047FF07
                                      • __vbaStrCat.MSVBVM60(?,?), ref: 0047FF1D
                                      • __vbaObjVar.MSVBVM60(?,RegWrite,00000003), ref: 0047FFAC
                                      • __vbaLateMemCall.MSVBVM60(00000000), ref: 0047FFB3
                                      • __vbaFreeVarList.MSVBVM60(00000002,?,?), ref: 0047FFC9
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 0047FFF6
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 00480004
                                      • __vbaStrCmp.MSVBVM60(self), ref: 00480015
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 00480041
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 0048004F
                                      • __vbaStrCopy.MSVBVM60 ref: 00480066
                                      • __vbaStrCmp.MSVBVM60(net4,?), ref: 00480074
                                      • __vbaVarDup.MSVBVM60 ref: 0048009E
                                      • #667.MSVBVM60(?), ref: 004800AB
                                      • __vbaStrMove.MSVBVM60 ref: 004800B6
                                      • __vbaStrCat.MSVBVM60(\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe,00000000), ref: 004800BE
                                      • __vbaStrMove.MSVBVM60 ref: 004800C9
                                      • __vbaFreeStr.MSVBVM60 ref: 004800CE
                                      • __vbaFreeVar.MSVBVM60 ref: 004800DA
                                      • __vbaNew2.MSVBVM60(00405BE4,00482178), ref: 004800F3
                                      • __vbaStrCopy.MSVBVM60 ref: 00480104
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,004194CC,000006F8), ref: 00480134
                                      • __vbaFreeStr.MSVBVM60 ref: 0048013D
                                      • __vbaFreeVar.MSVBVM60 ref: 00480149
                                      • __vbaNew2.MSVBVM60(00405BE4,00482178), ref: 0048016D
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,004194CC,000006FC), ref: 0048019B
                                      • __vbaNew2.MSVBVM60(00405BE4,00482178), ref: 004801B4
                                      • __vbaStrCopy.MSVBVM60 ref: 004801C5
                                      • __vbaStrVarMove.MSVBVM60(?), ref: 004801D2
                                      • __vbaStrMove.MSVBVM60 ref: 004801DD
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,004194CC,000006F8), ref: 0048020D
                                      • __vbaFreeStrList.MSVBVM60(00000002,?,00000000), ref: 0048021D
                                      • __vbaFreeVarList.MSVBVM60(00000002,?,?), ref: 00480233
                                      • __vbaFreeStr.MSVBVM60(00480316), ref: 004802B7
                                      • __vbaFreeStr.MSVBVM60 ref: 004802BC
                                      • __vbaFreeStr.MSVBVM60 ref: 004802C1
                                      • __vbaFreeObj.MSVBVM60 ref: 004802CC
                                      • __vbaFreeStr.MSVBVM60 ref: 004802D1
                                      • __vbaFreeVar.MSVBVM60 ref: 004802D6
                                      • __vbaFreeStr.MSVBVM60 ref: 004802DF
                                      • __vbaAryDestruct.MSVBVM60(00000000,?), ref: 004802ED
                                      • __vbaFreeStr.MSVBVM60 ref: 004802F2
                                      • __vbaFreeStr.MSVBVM60 ref: 004802F7
                                      • __vbaFreeStr.MSVBVM60 ref: 004802FC
                                      • __vbaFreeStr.MSVBVM60 ref: 00480301
                                      • __vbaFreeStr.MSVBVM60 ref: 00480306
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$ErrorMove$BoundsGenerate$CopyList$CheckHresultNew2$File$#526#666#667#711#716#717CallCloseDestructGet3LateLockOpenSystemUnlockVar2
                                      • String ID: 000$2W2O;S<_[O=bWdO[2O7U`O_4cbP]Z.$AppData$EXDXbXKLDXqeXkXIlekXmXBfjdhjXcXGlkbX$HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\$REG_SZ$RegWrite$WScript.shell$WinDir$\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe$net4$self
                                      • API String ID: 696962068-2770134064
                                      • Opcode ID: 63a4c1b49105c588a175ca18efe47aec19f74d9eba7dc53cab7928ff48bd7d9f
                                      • Instruction ID: 52465d3eda36aea2b11a228a50641eb21e1d64e0b4cbdf6413c3d6972ddcc791
                                      • Opcode Fuzzy Hash: 63a4c1b49105c588a175ca18efe47aec19f74d9eba7dc53cab7928ff48bd7d9f
                                      • Instruction Fuzzy Hash: D0725C70900219DFDB14DFA4DD84FEEB779FB88304F2081AAE405A7261DB74A986CF64
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0047E600, Relevance: 112.6, APIs: 61, Strings: 3, Instructions: 593COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaChkstk.MSVBVM60(?,00402FE6), ref: 0047E61E
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,00402FE6), ref: 0047E657
                                      • __vbaAryConstruct2.MSVBVM60(?,004195E0,00000002,?,?,?,?,00402FE6), ref: 0047E671
                                      • __vbaOnError.MSVBVM60(000000FF,?,?,?,?,00402FE6), ref: 0047E680
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,00402FE6), ref: 0047E695
                                      • __vbaLenBstr.MSVBVM60(?,?,?,?,?,00402FE6), ref: 0047E6A6
                                      • __vbaLenBstr.MSVBVM60(?,?,?,?,?,00402FE6), ref: 0047E6C0
                                      • __vbaFreeStr.MSVBVM60(0047EFE4), ref: 0047EFA4
                                      • __vbaAryDestruct.MSVBVM60(00000000,?), ref: 0047EFBC
                                      • __vbaAryDestruct.MSVBVM60(00000000,?), ref: 0047EFC8
                                      • __vbaAryDestruct.MSVBVM60(00000000,?), ref: 0047EFD4
                                      • __vbaFreeStr.MSVBVM60 ref: 0047EFDD
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Destruct$BstrCopyFree$ChkstkConstruct2Error
                                      • String ID: )$X/@/@$xrkxjpwnv
                                      • API String ID: 3246563234-1005081820
                                      • Opcode ID: af83133b2f17798cf0b9608377ad108f79506726a4b9ee9b2fca6898cb0a5e46
                                      • Instruction ID: b4df9a3fa452f73a25ef7503c3b90d0b2039381383fa6e09504bceb8409d05fa
                                      • Opcode Fuzzy Hash: af83133b2f17798cf0b9608377ad108f79506726a4b9ee9b2fca6898cb0a5e46
                                      • Instruction Fuzzy Hash: B0520674900219DFDB24DFA4CA48BDDBBB1FF09304F1082EAE54AAB290D7785A85CF55
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 004056C5, Relevance: 31.7, APIs: 17, Strings: 1, Instructions: 184COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaStrCmp.MSVBVM60(00412C18), ref: 00479DA2
                                      • __vbaUbound.MSVBVM60(00000001), ref: 00479DBB
                                      • __vbaGenerateBoundsError.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,Function_00002FE6), ref: 00479DDB
                                      • __vbaGenerateBoundsError.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,Function_00002FE6), ref: 00479DFD
                                      • __vbaGenerateBoundsError.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,Function_00002FE6), ref: 00479E0F
                                      • __vbaGenerateBoundsError.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,Function_00002FE6), ref: 00479E2A
                                      • __vbaGenerateBoundsError.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,Function_00002FE6), ref: 00479E4D
                                      • __vbaGenerateBoundsError.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,Function_00002FE6), ref: 00479E6B
                                      • __vbaGenerateBoundsError.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,Function_00002FE6), ref: 00479E7D
                                      • __vbaGenerateBoundsError.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,Function_00002FE6), ref: 00479E9B
                                      • __vbaGenerateBoundsError.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,Function_00002FE6), ref: 00479EB9
                                      • __vbaGenerateBoundsError.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,Function_00002FE6), ref: 00479ED2
                                      • __vbaGenerateBoundsError.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,Function_00002FE6), ref: 00479EE4
                                      • __vbaGenerateBoundsError.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,Function_00002FE6), ref: 00479EFF
                                      • __vbaGenerateBoundsError.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,Function_00002FE6), ref: 00479F22
                                      • __vbaGenerateBoundsError.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,Function_00002FE6), ref: 00479F4E
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 00479F54
                                      • __vbaGenerateBoundsError.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,Function_00002FE6), ref: 00479F76
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 00479F80
                                      • __vbaErrorOverflow.MSVBVM60 ref: 00479FCE
                                      • __vbaLenBstr.MSVBVM60(00000000), ref: 0047A026
                                      • __vbaI2I4.MSVBVM60 ref: 0047A02E
                                      • #631.MSVBVM60(?,?,?), ref: 0047A07D
                                      • __vbaStrMove.MSVBVM60(?,?), ref: 0047A088
                                      • #516.MSVBVM60(00000000,?,?), ref: 0047A08F
                                      • __vbaUI1I2.MSVBVM60(?,?), ref: 0047A097
                                      • __vbaFreeStr.MSVBVM60(?,?), ref: 0047A0A3
                                      • __vbaFreeVar.MSVBVM60(?,?), ref: 0047A0AC
                                      • __vbaGenerateBoundsError.MSVBVM60(?,?), ref: 0047A0E8
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Error$BoundsGenerate$Free$#516#631BstrMoveOverflowUbound
                                      • String ID: (.@
                                      • API String ID: 600751312-3032778486
                                      • Opcode ID: efd62488595868a09aeea767084919b87c60215e61478c6c0435ada5d05ce0ac
                                      • Instruction ID: 3c6819743e8b6e8ddd18b24ff3541d89c60ec3c952314e9c4a679c449c03a082
                                      • Opcode Fuzzy Hash: efd62488595868a09aeea767084919b87c60215e61478c6c0435ada5d05ce0ac
                                      • Instruction Fuzzy Hash: 8371C3356046418FD729CF78C684ADABBF2BF8E300F55846AD98A87761C734AC41CB99
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0047F3D0, Relevance: 28.1, APIs: 13, Strings: 3, Instructions: 92COMMON
                                      Download Yara Rule
                                      APIs
                                      • #716.MSVBVM60(?,Scripting.FileSystemObject,00000000,00000000,660E6C4A,00000008), ref: 0047F411
                                      • __vbaObjVar.MSVBVM60(?), ref: 0047F41B
                                      • __vbaObjSetAddref.MSVBVM60(?,00000000), ref: 0047F426
                                      • __vbaFreeVar.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0047F435
                                      • __vbaLateMemCallLd.MSVBVM60(?,?,FolderExists,00000001), ref: 0047F464
                                      • __vbaVarNot.MSVBVM60(?,00000000), ref: 0047F472
                                      • __vbaBoolVarNull.MSVBVM60(00000000), ref: 0047F479
                                      • __vbaFreeVar.MSVBVM60 ref: 0047F484
                                      • __vbaLateMemCallLd.MSVBVM60(?,?,CreateFolder,00000001), ref: 0047F4B8
                                      • __vbaStrVarMove.MSVBVM60(00000000), ref: 0047F4C2
                                      • __vbaStrMove.MSVBVM60 ref: 0047F4CD
                                      • __vbaFreeVar.MSVBVM60 ref: 0047F4D6
                                      • __vbaFreeObj.MSVBVM60(0047F50C), ref: 0047F505
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$CallLateMove$#716AddrefBoolNull
                                      • String ID: CreateFolder$FolderExists$Scripting.FileSystemObject
                                      • API String ID: 1044467604-1669112626
                                      • Opcode ID: 6d3e988e51ddcba33461d468b8226c09b1f459be16674e400664198f1d80749e
                                      • Instruction ID: e10940c64f2bcf15de7d824e2ca634638e2f9daaf1dcd40de979f24c39645a22
                                      • Opcode Fuzzy Hash: 6d3e988e51ddcba33461d468b8226c09b1f459be16674e400664198f1d80749e
                                      • Instruction Fuzzy Hash: 95312CB1D00209AFCB04DFA8D985AEEBBB8FB08704F10C46AE515F7260D6359546CF94
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0047F190, Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 89COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaStrCopy.MSVBVM60(660DC410,660E6C30,00000008,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0047F1D9
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,00402FE6,?), ref: 0047F1E1
                                        • Part of subcall function 0047F2F0: #716.MSVBVM60(?,Scripting.FileSystemObject,00000000,00000000,660E6C4A,00000008,?,?,?,?,?,?,?,?,?,?), ref: 0047F32B
                                        • Part of subcall function 0047F2F0: __vbaObjVar.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,00402FE6,0047F1EC), ref: 0047F335
                                        • Part of subcall function 0047F2F0: __vbaObjSetAddref.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,?,?,00402FE6,0047F1EC), ref: 0047F340
                                        • Part of subcall function 0047F2F0: __vbaFreeVar.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00402FE6,0047F1EC), ref: 0047F34F
                                        • Part of subcall function 0047F2F0: __vbaLateMemCallLd.MSVBVM60(?,?,FolderExists,00000001), ref: 0047F37E
                                        • Part of subcall function 0047F2F0: __vbaBoolVar.MSVBVM60(00000000), ref: 0047F388
                                        • Part of subcall function 0047F2F0: __vbaFreeVar.MSVBVM60 ref: 0047F394
                                        • Part of subcall function 0047F2F0: __vbaFreeObj.MSVBVM60(0047F3B1), ref: 0047F3AA
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6,?), ref: 0047F1FC
                                        • Part of subcall function 0047F3D0: #716.MSVBVM60(?,Scripting.FileSystemObject,00000000,00000000,660E6C4A,00000008), ref: 0047F411
                                        • Part of subcall function 0047F3D0: __vbaObjVar.MSVBVM60(?), ref: 0047F41B
                                        • Part of subcall function 0047F3D0: __vbaObjSetAddref.MSVBVM60(?,00000000), ref: 0047F426
                                        • Part of subcall function 0047F3D0: __vbaFreeVar.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0047F435
                                        • Part of subcall function 0047F3D0: __vbaLateMemCallLd.MSVBVM60(?,?,FolderExists,00000001), ref: 0047F464
                                        • Part of subcall function 0047F3D0: __vbaVarNot.MSVBVM60(?,00000000), ref: 0047F472
                                        • Part of subcall function 0047F3D0: __vbaBoolVarNull.MSVBVM60(00000000), ref: 0047F479
                                        • Part of subcall function 0047F3D0: __vbaFreeVar.MSVBVM60 ref: 0047F484
                                        • Part of subcall function 0047F3D0: __vbaLateMemCallLd.MSVBVM60(?,?,CreateFolder,00000001), ref: 0047F4B8
                                        • Part of subcall function 0047F3D0: __vbaStrVarMove.MSVBVM60(00000000), ref: 0047F4C2
                                        • Part of subcall function 0047F3D0: __vbaStrMove.MSVBVM60 ref: 0047F4CD
                                        • Part of subcall function 0047F3D0: __vbaFreeVar.MSVBVM60 ref: 0047F4D6
                                        • Part of subcall function 0047F3D0: __vbaFreeObj.MSVBVM60(0047F50C), ref: 0047F505
                                      • __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6,?), ref: 0047F20C
                                      • __vbaFreeStrList.MSVBVM60(00000002,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0047F21C
                                      • __vbaNew2.MSVBVM60(00405BE4,00482178), ref: 0047F238
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,004194CC,000006FC), ref: 0047F263
                                      • __vbaStrVarVal.MSVBVM60(?,?,?), ref: 0047F275
                                      • #576.MSVBVM60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0047F27C
                                      • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0047F285
                                      • __vbaFreeVar.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0047F28E
                                      • __vbaFreeStr.MSVBVM60(0047F2D8,?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6,?), ref: 0047F2D0
                                      • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,00402FE6,?), ref: 0047F2D5
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$CallCopyLateMove$#716AddrefBool$#576CheckHresultListNew2Null
                                      • String ID: p/@
                                      • API String ID: 2025684622-3480275135
                                      • Opcode ID: a2aee15afc430ee1f17f8dccd4e0c0b171ae70d7cc949abe35b15def5346b85c
                                      • Instruction ID: 96349e76edf502f3b13ad5dd8f187860ce0b1ea65c5bcffa9efc90e158a5c62b
                                      • Opcode Fuzzy Hash: a2aee15afc430ee1f17f8dccd4e0c0b171ae70d7cc949abe35b15def5346b85c
                                      • Instruction Fuzzy Hash: 08313E75D0010AABCB00EFA4DD499EEBBB8EF54704F10816AE505B31A4DB75694ACB98
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 004056D2, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 87COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaLenBstr.MSVBVM60(00000000), ref: 0047A026
                                      • __vbaI2I4.MSVBVM60 ref: 0047A02E
                                      • #631.MSVBVM60(?,?,?), ref: 0047A07D
                                      • __vbaStrMove.MSVBVM60(?,?), ref: 0047A088
                                      • #516.MSVBVM60(00000000,?,?), ref: 0047A08F
                                      • __vbaUI1I2.MSVBVM60(?,?), ref: 0047A097
                                      • __vbaFreeStr.MSVBVM60(?,?), ref: 0047A0A3
                                      • __vbaFreeVar.MSVBVM60(?,?), ref: 0047A0AC
                                      • __vbaGenerateBoundsError.MSVBVM60(?,?), ref: 0047A0E8
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 0047A152
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 0047A16B
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 0047A17D
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 0047A195
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 0047A1B8
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 0047A1CA
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 0047A1ED
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 0047A20B
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 0047A21D
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 0047A23B
                                      • __vbaErrorOverflow.MSVBVM60 ref: 0047A29A
                                      • __vbaGenerateBoundsError.MSVBVM60(00000000,?,?,?), ref: 0047A2D6
                                      • __vbaGenerateBoundsError.MSVBVM60(00000000,?,?,?), ref: 0047A2E8
                                      • __vbaUI1I2.MSVBVM60(00000000,?,?,?), ref: 0047A2FE
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Error$BoundsGenerate$Free$#516#631BstrMoveOverflow
                                      • String ID: (.@
                                      • API String ID: 2934445619-3032778486
                                      • Opcode ID: b36b4dc9f3703eeef50424941498164d132d370d9921b52a039e9cf2530312b3
                                      • Instruction ID: 07fd633dba588ab04933434a8da586feaf2b9428742877d84ce2c81787d23133
                                      • Opcode Fuzzy Hash: b36b4dc9f3703eeef50424941498164d132d370d9921b52a039e9cf2530312b3
                                      • Instruction Fuzzy Hash: 21310338801245DBC714DFB0C6486EEBBF5FF58700F40842AE882A7B60D779A945CB59
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0047F2F0, Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 59COMMON
                                      Download Yara Rule
                                      APIs
                                      • #716.MSVBVM60(?,Scripting.FileSystemObject,00000000,00000000,660E6C4A,00000008,?,?,?,?,?,?,?,?,?,?), ref: 0047F32B
                                      • __vbaObjVar.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,00402FE6,0047F1EC), ref: 0047F335
                                      • __vbaObjSetAddref.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,?,?,00402FE6,0047F1EC), ref: 0047F340
                                      • __vbaFreeVar.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00402FE6,0047F1EC), ref: 0047F34F
                                      • __vbaLateMemCallLd.MSVBVM60(?,?,FolderExists,00000001), ref: 0047F37E
                                      • __vbaBoolVar.MSVBVM60(00000000), ref: 0047F388
                                      • __vbaFreeVar.MSVBVM60 ref: 0047F394
                                      • __vbaFreeObj.MSVBVM60(0047F3B1), ref: 0047F3AA
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$#716AddrefBoolCallLate
                                      • String ID: FolderExists$Scripting.FileSystemObject
                                      • API String ID: 3553085135-3282412286
                                      • Opcode ID: 6ad57ac9d3bc226fc37fa8c6d710bc4c5ae1a26a1e2a5d404a620bf3e280e2cd
                                      • Instruction ID: d12b715db09599c93f82f94376a1e24b769685a696fd69cda50a4bcf55422cfe
                                      • Opcode Fuzzy Hash: 6ad57ac9d3bc226fc37fa8c6d710bc4c5ae1a26a1e2a5d404a620bf3e280e2cd
                                      • Instruction Fuzzy Hash: 6C216371D0020AAFCB04DFA4D949AEEBFB8FB08710F00856AF505B7250D774A585CF95
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0047A540, Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 92COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,`.@,00419384,00000020,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0047A5A9
                                      • __vbaAryMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0047A5BB
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,`.@,00419384,0000001C,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0047A5DC
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,`.@,00419384,00000024,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0047A5F9
                                      • __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0047A604
                                      • __vbaAryDestruct.MSVBVM60(00000000,?,0047A641,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0047A637
                                      • __vbaAryDestruct.MSVBVM60(00000000,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0047A63E
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$CheckHresult$DestructMove
                                      • String ID: `.@$/@
                                      • API String ID: 4208971849-3363032395
                                      • Opcode ID: 5988114ca17fa4a9b9b21d70352e38d3eec66006f6df2301ee86f64ec7f18859
                                      • Instruction ID: 4e95d638f241f10809497581b741049223a40f5e3eed5c863bef284132b1763f
                                      • Opcode Fuzzy Hash: 5988114ca17fa4a9b9b21d70352e38d3eec66006f6df2301ee86f64ec7f18859
                                      • Instruction Fuzzy Hash: DD313EB1900209AFDB00DF95CD88DEEBBBCFF88704F10852AE505A3140D778A9468BA4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0047F620, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 54COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaStrToAnsi.MSVBVM60(?,00000000,00000000,?,?,?,?,?,?,?,?,00402FE6), ref: 0047F670
                                      • __vbaSetSystemError.MSVBVM60(00000000,?,?,?,?,?,?,?,?,00402FE6), ref: 0047F67E
                                      • __vbaStrToUnicode.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0047F689
                                      • __vbaStrI4.MSVBVM60(00000000,?,?,?,?,?,?,?,?,00402FE6), ref: 0047F690
                                      • __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,00402FE6), ref: 0047F69B
                                      • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,00402FE6), ref: 0047F6A4
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,00402FE6), ref: 0047F6B0
                                      • __vbaFreeStr.MSVBVM60(0047F6E0,?,?,?,?,?,?,?,?,00402FE6), ref: 0047F6D9
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$AnsiCopyErrorMoveSystemUnicode
                                      • String ID: /@
                                      • API String ID: 4154983863-2163338593
                                      • Opcode ID: e737ebf3031574f2d31f7125ed06ed9204f5c8728c21a1d1e5d0b075f3fa40ca
                                      • Instruction ID: c763c47d74e31a1495bc1367131799dd80c8b84717c1577a9a6833ee85a28eb5
                                      • Opcode Fuzzy Hash: e737ebf3031574f2d31f7125ed06ed9204f5c8728c21a1d1e5d0b075f3fa40ca
                                      • Instruction Fuzzy Hash: 6E11DD75900119EFCB00DFA4CA499EEBBB8FF48705F10816AF905A3260DB785945CF95
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00405DE7, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 51COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,X/@/@,0041949C,000002B4), ref: 0047F07B
                                      • __vbaEnd.MSVBVM60(?,?,?,?,?,Function_00002FE6), ref: 0047F086
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$CheckHresult
                                      • String ID: 7$X/@/@
                                      • API String ID: 713191129-1074107278
                                      • Opcode ID: 83e5350fb252f096dd6ace2e6124c6cfb9fb5100383324e533328d6a9338a635
                                      • Instruction ID: 5c78cd1839d3393ed9279ea5339184633524499bf65c6ec0b789e203ab94b614
                                      • Opcode Fuzzy Hash: 83e5350fb252f096dd6ace2e6124c6cfb9fb5100383324e533328d6a9338a635
                                      • Instruction Fuzzy Hash: 9B118E75A00208FBC710EF58CA49B8EBBF8FF09710F10816AF849A7291C7785D45CBA5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 004056EC, Relevance: 6.0, APIs: 4, Instructions: 50COMMON
                                      Download Yara Rule
                                      APIs
                                      • #717.MSVBVM60(?,?,00000080,00000000), ref: 0047A3BE
                                      • __vbaVar2Vec.MSVBVM60(?,?), ref: 0047A3CC
                                      • __vbaAryMove.MSVBVM60(?,?), ref: 0047A3DA
                                      • __vbaFreeVar.MSVBVM60 ref: 0047A3E3
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$#717FreeMoveVar2
                                      • String ID:
                                      • API String ID: 2839263985-0
                                      • Opcode ID: 1332c43c4d789d3301412d2dc50674f4a6f10244d18f26469a6039712ac15292
                                      • Instruction ID: e27e7bb42938c3ffd04e2ed0676df56e583031ee7b294e9aab7be59cc0ca5b55
                                      • Opcode Fuzzy Hash: 1332c43c4d789d3301412d2dc50674f4a6f10244d18f26469a6039712ac15292
                                      • Instruction Fuzzy Hash: D111A7B5C10219AFCB04DF99D949AEEBBB8FB48704F10C12AF505B2160D6B45545CFA5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0047F530, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 48COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00402FA0,0041A330,00000020), ref: 0047F590
                                      • __vbaVarMove.MSVBVM60 ref: 0047F5AC
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$CheckHresultMove
                                      • String ID: /@
                                      • API String ID: 2216147808-2163338593
                                      • Opcode ID: 93389b89ea52183b84e33c10dce13b240a872fbb72c61de5dbbf81421a2628b7
                                      • Instruction ID: 3b87def83db1241324cc9a51238874f96bc08696acf7f35b8cd1301d71a7cb9f
                                      • Opcode Fuzzy Hash: 93389b89ea52183b84e33c10dce13b240a872fbb72c61de5dbbf81421a2628b7
                                      • Instruction Fuzzy Hash: 6511D6B4901209EFCB00DF99C989ADEFFF8FF58754F20805AF845A3260D7B459458B65
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00479C00, Relevance: 1.5, APIs: 1, Instructions: 22COMMON
                                      Download Yara Rule
                                      APIs
                                        • Part of subcall function 0047F710: __vbaNew2.MSVBVM60(00405BE4,00482178), ref: 0047F7CF
                                        • Part of subcall function 0047F710: __vbaHresultCheckObj.MSVBVM60(00000000,00000000,004194CC,000006FC), ref: 0047F7FD
                                        • Part of subcall function 0047F710: __vbaStrVarMove.MSVBVM60(?), ref: 0047F80A
                                        • Part of subcall function 0047F710: __vbaStrMove.MSVBVM60 ref: 0047F81B
                                        • Part of subcall function 0047F710: __vbaStrI2.MSVBVM60(00000001,00000000), ref: 0047F826
                                        • Part of subcall function 0047F710: __vbaStrMove.MSVBVM60 ref: 0047F82D
                                        • Part of subcall function 0047F710: __vbaI2Str.MSVBVM60(00000000), ref: 0047F836
                                        • Part of subcall function 0047F710: __vbaFileOpen.MSVBVM60(00000020,000000FF,00000000), ref: 0047F83D
                                        • Part of subcall function 0047F710: __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 0047F84D
                                        • Part of subcall function 0047F710: __vbaFreeVar.MSVBVM60 ref: 0047F85C
                                      • __vbaFreeVar.MSVBVM60(?), ref: 00479C3C
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$FreeMove$CheckFileHresultListNew2Open
                                      • String ID:
                                      • API String ID: 3527306096-0
                                      • Opcode ID: 1af8793f237c6140daf649ed72b14f6b996b95030e09beb68e074c5b43100c6e
                                      • Instruction ID: 3ade8490d2630fa026731f3340c705257a0dfb554be286251cd0b5e5b0467b4b
                                      • Opcode Fuzzy Hash: 1af8793f237c6140daf649ed72b14f6b996b95030e09beb68e074c5b43100c6e
                                      • Instruction Fuzzy Hash: 66E01275840648EBCF01EB94CE49BDDBBBCBB04B44F60842AF405B2590D77C55098AB9
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Non-executed Functions

                                      Function 0045D710, Relevance: 243.0, APIs: 134, Strings: 4, Instructions: 1512COMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$BoundsErrorGenerate_adj_fdiv_m64$DestructFree
                                      • String ID: X"@$gfff$random$/@
                                      • API String ID: 1100400698-3763535140
                                      • Opcode ID: 6cc26585448c025d5b9cc0291a06e6e9cc4d3c0ab3d817efae4a3729a7ae0c0c
                                      • Instruction ID: 766e679ec4e8f19a3d3447feab3492d9184300f3e42da0ca5a6c45706159ecc7
                                      • Opcode Fuzzy Hash: 6cc26585448c025d5b9cc0291a06e6e9cc4d3c0ab3d817efae4a3729a7ae0c0c
                                      • Instruction Fuzzy Hash: 44D28A74D00219DFCB18DFA5C988AEEBBB9FF48301F20816EE805A7251D774594ACF65
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0044FF30, Relevance: 212.7, APIs: 120, Strings: 1, Instructions: 952COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaChkstk.MSVBVM60(?,00402FE6), ref: 0044FF4E
                                      • __vbaObjSetAddref.MSVBVM60(?,?,?,?,?,?,00402FE6), ref: 0044FF87
                                      • __vbaChkstk.MSVBVM60 ref: 0044FFC6
                                      • __vbaLateIdSt.MSVBVM60(?,00000001), ref: 0044FFEA
                                      • __vbaChkstk.MSVBVM60 ref: 0045001C
                                      • __vbaLateIdSt.MSVBVM60(?,00000001), ref: 00450040
                                      • __vbaObjSetAddref.MSVBVM60(?,00000000), ref: 00450053
                                      • __vbaObjSetAddref.MSVBVM60(?,?), ref: 0045006B
                                      • __vbaOnError.MSVBVM60(000000FF), ref: 0045008D
                                      • #556.MSVBVM60(00006003), ref: 004500AE
                                      • __vbaUbound.MSVBVM60(00000001,?), ref: 004500DB
                                      • __vbaRedimPreserve.MSVBVM60(00000080,00000004,?,00000003,00000001,?,00000000), ref: 0045010C
                                      • __vbaRedimPreserve.MSVBVM60(00000080,00000004,?,00000003,00000001,?,00000000,?,?,?,?,?,?,00402FE6), ref: 0045013D
                                      • __vbaUbound.MSVBVM60(00000001,00000000), ref: 0045016B
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 00450194
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 004501A8
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,00000008,00000000), ref: 004501BD
                                      • __vbaI4Var.MSVBVM60(00000000), ref: 004501C7
                                      • __vbaFreeVar.MSVBVM60 ref: 004501DF
                                      • __vbaUbound.MSVBVM60(00000001,00000000), ref: 0045020A
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 00450236
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 00450250
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,00000005,00000000), ref: 00450268
                                      • __vbaI4Var.MSVBVM60(00000000), ref: 00450272
                                      • __vbaFreeVar.MSVBVM60 ref: 0045028D
                                      • __vbaAryLock.MSVBVM60(?,?), ref: 004502AA
                                      • __vbaUbound.MSVBVM60(00000001,?), ref: 004502C8
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 004502EE
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 00450308
                                      • __vbaChkstk.MSVBVM60 ref: 0045032F
                                      • __vbaLateIdSt.MSVBVM60(?,00000008), ref: 00450353
                                      • __vbaAryUnlock.MSVBVM60(00000000), ref: 0045035D
                                      • __vbaAryLock.MSVBVM60(00000000,?), ref: 00450375
                                      • __vbaUbound.MSVBVM60(00000001,?), ref: 00450393
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 004503B9
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 004503D3
                                      • __vbaChkstk.MSVBVM60 ref: 004503FA
                                      • __vbaLateIdSt.MSVBVM60(?,00000005), ref: 0045041E
                                      • __vbaAryUnlock.MSVBVM60(00000000), ref: 00450428
                                      • __vbaUbound.MSVBVM60(00000001,?), ref: 0045043E
                                      • __vbaUbound.MSVBVM60(00000001,?,00000000), ref: 0045045A
                                      • __vbaRedimPreserve.MSVBVM60(00000080,00000004,?,00000003,00000001,-00000001), ref: 0045047C
                                      • __vbaUbound.MSVBVM60(00000001,?,00000000), ref: 00450497
                                      • __vbaRedimPreserve.MSVBVM60(00000080,00000004,?,00000003,00000001,-00000001), ref: 004504B9
                                      • __vbaRedimPreserve.MSVBVM60(00000080,00000004,?,00000003,00000001,00000000,00000000), ref: 004504E1
                                      • __vbaRedimPreserve.MSVBVM60(00000080,00000004,?,00000003,00000001,00000000,00000000), ref: 00450507
                                      • __vbaObjSetAddref.MSVBVM60(?,00000000), ref: 0045051D
                                      • __vbaOnError.MSVBVM60(00000000), ref: 0045052C
                                      • __vbaFreeObjList.MSVBVM60(00000002,?,?,00450561), ref: 00450557
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Error$BoundsGenerateUbound$LatePreserveRedim$Chkstk$Addref$Free$CallLockUnlock$#556List
                                      • String ID: #
                                      • API String ID: 3690469761-1885708031
                                      • Opcode ID: 21c7e1429b76311bcb25338d305565e92a107b80c67cda99f4e5072112ae4071
                                      • Instruction ID: 7463fef06cdafa391df0949a1c7874e1bcd0b74a5b4bde336ecafa481d51db5a
                                      • Opcode Fuzzy Hash: 21c7e1429b76311bcb25338d305565e92a107b80c67cda99f4e5072112ae4071
                                      • Instruction Fuzzy Hash: 7C827074A00208EFDB04DFA4CD89BAEBBB5FF48705F108159E905AB3A1D774A985CF94
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00459460, Relevance: 112.4, APIs: 60, Strings: 4, Instructions: 441COMMON
                                      Download Yara Rule
                                      APIs
                                      • #616.MSVBVM60(?,00459B3E,?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 004594BB
                                      • __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 004594C6
                                      • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 004594CF
                                      • __vbaInStr.MSVBVM60(00000000,{\colortbl,?,00000001), ref: 004594E7
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 004594F7
                                      • __vbaInStr.MSVBVM60(00000000,00412B58,?,00000000), ref: 0045950F
                                      • __vbaInStr.MSVBVM60(00000000,00412B64,?,00000000), ref: 0045951F
                                      • #631.MSVBVM60(?,00000000,?), ref: 0045953E
                                      • __vbaStrMove.MSVBVM60 ref: 00459549
                                      • __vbaFreeStr.MSVBVM60(00459579), ref: 00459572
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$FreeMove$#616#631Copy
                                      • String ID: ;}}${\colortbl${\fonttbl$/@
                                      • API String ID: 2313960317-3943955595
                                      • Opcode ID: ef7cb68b9ead517a0795226859aa2109b97a0c9aa2ce5c138920221d4178b125
                                      • Instruction ID: d9acd8bf7bf17633b12381b4bdb8b338a29a88b8791c10da702a360d0b43cfa3
                                      • Opcode Fuzzy Hash: ef7cb68b9ead517a0795226859aa2109b97a0c9aa2ce5c138920221d4178b125
                                      • Instruction Fuzzy Hash: 2F02D8B5D00219AFCB04EFA5DD899EEBBB8FF48701F10412AF902B7264D7746945CBA4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00452290, Relevance: 109.0, APIs: 61, Strings: 1, Instructions: 475COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaOnError.MSVBVM60(00000001), ref: 004522DB
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,FFFFFDFD,00000000), ref: 00452302
                                      • __vbaI4Var.MSVBVM60(?,0000043A,00000001,00000054), ref: 0045231D
                                      • __vbaSetSystemError.MSVBVM60(00000000), ref: 00452329
                                      • __vbaFreeVar.MSVBVM60 ref: 00452335
                                      • __vbaExitProc.MSVBVM60 ref: 0045235E
                                      • __vbaErrorOverflow.MSVBVM60 ref: 004523D5
                                      • __vbaRefVarAry.MSVBVM60(?,?,00000000), ref: 00452429
                                      • __vbaUbound.MSVBVM60(00000001), ref: 00452430
                                      • __vbaRefVarAry.MSVBVM60(?), ref: 0045243A
                                      • __vbaLbound.MSVBVM60(00000001,?), ref: 00452447
                                      • __vbaRefVarAry.MSVBVM60(?), ref: 0045245A
                                      • __vbaLbound.MSVBVM60(00000001), ref: 00452461
                                      • __vbaRefVarAry.MSVBVM60(?,00000000), ref: 00452465
                                      • __vbaUbound.MSVBVM60(00000001,?), ref: 0045246C
                                      • __vbaRedim.MSVBVM60(00000080,00000004,?,00000003,00000001,00000000), ref: 00452482
                                      • __vbaRefVarAry.MSVBVM60(?), ref: 0045248C
                                      • __vbaLbound.MSVBVM60(00000001), ref: 00452493
                                      • __vbaRefVarAry.MSVBVM60(?), ref: 00452499
                                      • __vbaUbound.MSVBVM60(00000001,?), ref: 004524A0
                                      • __vbaRefVarAry.MSVBVM60(?), ref: 004524AA
                                      • __vbaLbound.MSVBVM60(00000001), ref: 004524B1
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Lbound$ErrorUbound$CallExitFreeLateOverflowProcRedimSystem
                                      • String ID: T
                                      • API String ID: 3739991497-3187964512
                                      • Opcode ID: 2d27decb7d5c8f509b46b1fe7f639d2ef40ad15babc33fb41146fd528b02a653
                                      • Instruction ID: a5653ccc26f676272e82117a2b007cbd22a2fb496fc3a98d13b0a62b7553370b
                                      • Opcode Fuzzy Hash: 2d27decb7d5c8f509b46b1fe7f639d2ef40ad15babc33fb41146fd528b02a653
                                      • Instruction Fuzzy Hash: D3026270D002089FDB04DFA8CE89BAEBBB9FF49700F10816AE905E7261D7B49945CF95
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0040B50D, Relevance: .5, Instructions: 459COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b8444a69c8f666ef1b0c7eae905f9f5ec41786db25fe77f7a1de67c4f11bd6eb
                                      • Instruction ID: 4e60c1239b37775cce62570d6cb15e607f0cdc2aedf1a4f2e01719976b52b679
                                      • Opcode Fuzzy Hash: b8444a69c8f666ef1b0c7eae905f9f5ec41786db25fe77f7a1de67c4f11bd6eb
                                      • Instruction Fuzzy Hash: 3D31ACCA84D3C22FEB96267528562C32BD19F2365C70720EBC597CE093F15D0E4BA716
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0040350C, Relevance: .2, Instructions: 243COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 92ba3aebdd78b86914ff762d8d1e82f73a2907ae97076a2998d745e960ab0245
                                      • Instruction ID: 3badadf2914985bef8b47a5418c9cdedd83d5231bdd196db57db64409c472e2a
                                      • Opcode Fuzzy Hash: 92ba3aebdd78b86914ff762d8d1e82f73a2907ae97076a2998d745e960ab0245
                                      • Instruction Fuzzy Hash: 0161263104E3D18FC3438B7888A15917FB1EE4762872D09EBC4C1CE0A3E26E595BDB62
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0040A2FB, Relevance: .2, Instructions: 232COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 87222169474f11a9f6fcdad168c123b6be9283d20bc89fa2b7fd23c359c67e14
                                      • Instruction ID: 7d633a7bc3ac25c4af67aff043197f27de3bed5b3f6beb22c76fa29e3dd97242
                                      • Opcode Fuzzy Hash: 87222169474f11a9f6fcdad168c123b6be9283d20bc89fa2b7fd23c359c67e14
                                      • Instruction Fuzzy Hash: CE21BA8680E3C21FEB535A751C661D23FB09D2325C31B14EBC486CE493E54D5A1B9B22
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0040A330, Relevance: .2, Instructions: 205COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e1ea6eb1f91df3f30b0205f8cd003c5672a339fe2000a30f9134ca3b0536e590
                                      • Instruction ID: 96a504896852560c135b0790f3289e36f15e07a41771fd808213480feede57ef
                                      • Opcode Fuzzy Hash: e1ea6eb1f91df3f30b0205f8cd003c5672a339fe2000a30f9134ca3b0536e590
                                      • Instruction Fuzzy Hash: 9521C98680E3C21FEB535A751C661D23FF09D2325C31B14EBC482CE093E54D5A1BAB22
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00465D10, Relevance: 214.0, APIs: 98, Strings: 24, Instructions: 497COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaStrCat.MSVBVM60(004106F8,ClsAPIHighlight offers * public methods and functions ), ref: 00465E05
                                      • __vbaStrMove.MSVBVM60 ref: 00465E12
                                      • __vbaStrCat.MSVBVM60(About(T|F): About gives 1 of 2 messages Help(default) for use by end-user or this one Programmer(F).,00000000), ref: 00465E1A
                                      • __vbaStrMove.MSVBVM60 ref: 00465E21
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 00465E29
                                      • __vbaStrMove.MSVBVM60 ref: 00465E30
                                      • __vbaStrCat.MSVBVM60(APIHighlight: Private one colour handler.,00000000), ref: 00465E38
                                      • __vbaStrMove.MSVBVM60 ref: 00465E3F
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 00465E47
                                      • __vbaStrMove.MSVBVM60 ref: 00465E4E
                                      • __vbaStrCat.MSVBVM60(APIHighlight2: Private two colour handler,00000000), ref: 00465E56
                                      • __vbaStrMove.MSVBVM60 ref: 00465E5D
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 00465E65
                                      • __vbaStrMove.MSVBVM60 ref: 00465E6C
                                      • __vbaStrCat.MSVBVM60(APIHighlightHard: Change the colour behind text.,00000000), ref: 00465E74
                                      • __vbaStrMove.MSVBVM60 ref: 00465E7B
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 00465E83
                                      • __vbaStrMove.MSVBVM60 ref: 00465E8A
                                      • __vbaStrCat.MSVBVM60(APIHighlightHardHard: Two colours hardcoded in program,00000000), ref: 00465E92
                                      • __vbaStrMove.MSVBVM60 ref: 00465E99
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 00465EA1
                                      • __vbaStrMove.MSVBVM60 ref: 00465EA8
                                      • __vbaStrCat.MSVBVM60(APIHighlightAuto: Program assigns back colour, Class chooses Text colour,00000000), ref: 00465EB0
                                      • __vbaStrMove.MSVBVM60 ref: 00465EB7
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 00465EBF
                                      • __vbaStrMove.MSVBVM60 ref: 00465EC6
                                      • __vbaStrCat.MSVBVM60(APIHighlightUser: User selects Back colour fore colour unchanged,00000000), ref: 00465ECE
                                      • __vbaStrMove.MSVBVM60 ref: 00465ED5
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 00465EDD
                                      • __vbaStrMove.MSVBVM60 ref: 00465EE4
                                      • __vbaStrCat.MSVBVM60(APIHighlightUserAuto: User selects Back colour, Class chooses Text colour,00000000), ref: 00465EEC
                                      • __vbaStrMove.MSVBVM60 ref: 00465EF3
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 00465EFB
                                      • __vbaStrMove.MSVBVM60 ref: 00465F02
                                      • __vbaStrCat.MSVBVM60(APIHighlightUserUser: User selects Back and Text colour,00000000), ref: 00465F0A
                                      • __vbaStrMove.MSVBVM60 ref: 00465F11
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 00465F19
                                      • __vbaStrMove.MSVBVM60 ref: 00465F20
                                      • __vbaStrCat.MSVBVM60(AssignControls: Provide RichTextBox and CommonDialog for class to use.,00000000), ref: 00465F28
                                      • __vbaStrMove.MSVBVM60 ref: 00465F2F
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 00465F37
                                      • __vbaStrMove.MSVBVM60 ref: 00465F3E
                                      • __vbaStrCat.MSVBVM60(IsHighlight: Boolean test of highlight status of cursor position.,00000000), ref: 00465F46
                                      • __vbaStrMove.MSVBVM60 ref: 00465F4D
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 00465F55
                                      • __vbaStrMove.MSVBVM60 ref: 00465F5C
                                      • __vbaStrCat.MSVBVM60(UserColor:Routine to allow user to select a colour(can be used outside class).,00000000), ref: 00465F64
                                      • __vbaStrMove.MSVBVM60 ref: 00465F6B
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 00465F73
                                      • __vbaStrMove.MSVBVM60 ref: 00465F7A
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 00465F82
                                      • __vbaStrMove.MSVBVM60 ref: 00465F8C
                                      • __vbaStrCat.MSVBVM60(ClsAPIHIghlight is brought to you by Roger Gilchrist (Email:rojagilkrist@hotmail.com),00000000), ref: 00465F94
                                      • __vbaStrMove.MSVBVM60 ref: 00465F9E
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 00465FA6
                                      • __vbaStrMove.MSVBVM60 ref: 00465FB0
                                      • __vbaStrCat.MSVBVM60(Based on the work of Sergio Perciballi (Email:oigres@postmaster.co.uk),00000000), ref: 00465FB8
                                      • __vbaStrMove.MSVBVM60 ref: 00465FBF
                                      • __vbaFreeStrList.MSVBVM60(0000001C,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0046603C
                                      • __vbaStrCat.MSVBVM60(004106F8,HighlightHard: Hard coded highlight colour.), ref: 0046604F
                                      • __vbaStrMove.MSVBVM60 ref: 00466056
                                      • __vbaStrCat.MSVBVM60(HighlightHardHard: Hard coded 2 colour handler.,00000000), ref: 0046605E
                                      • __vbaStrMove.MSVBVM60 ref: 00466065
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 0046606D
                                      • __vbaStrMove.MSVBVM60 ref: 00466074
                                      • __vbaStrCat.MSVBVM60(HighlightAuto: Program assigns back colour, Program chooses Text colour,00000000), ref: 0046607C
                                      • __vbaStrMove.MSVBVM60 ref: 00466083
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 0046608B
                                      • __vbaStrMove.MSVBVM60 ref: 00466092
                                      • __vbaStrCat.MSVBVM60(HighlightUser: User selects Back colour fore colour unchanged,00000000), ref: 0046609A
                                      • __vbaStrMove.MSVBVM60 ref: 004660A1
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 004660A9
                                      • __vbaStrMove.MSVBVM60 ref: 004660B0
                                      • __vbaStrCat.MSVBVM60(HighlightUserAuto: You select a Back colour, Program chooses Text colour,00000000), ref: 004660B8
                                      • __vbaStrMove.MSVBVM60 ref: 004660BF
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 004660C7
                                      • __vbaStrMove.MSVBVM60 ref: 004660CE
                                      • __vbaStrCat.MSVBVM60(HighlightUserUser: You select Back and Text colours,00000000), ref: 004660D6
                                      • __vbaStrMove.MSVBVM60 ref: 004660DD
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 004660E5
                                      • __vbaStrMove.MSVBVM60 ref: 004660EC
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 004660F4
                                      • __vbaStrMove.MSVBVM60 ref: 004660FB
                                      • __vbaStrCat.MSVBVM60(Brought to you by Roger Gilchrist (Email:rojagilkrist@hotmail.com),00000000), ref: 00466103
                                      • __vbaStrMove.MSVBVM60 ref: 0046610A
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 00466112
                                      • __vbaStrMove.MSVBVM60 ref: 00466119
                                      • __vbaStrCat.MSVBVM60(Based on the work of Sergio Perciballi (Email:oigres@postmaster.co.uk),00000000), ref: 00466121
                                      • __vbaStrMove.MSVBVM60 ref: 00466128
                                      • __vbaFreeStrList.MSVBVM60(0000000E,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00466164
                                      • #681.MSVBVM60(?,?,?,?), ref: 004661C5
                                      • __vbaVarDup.MSVBVM60 ref: 004661E7
                                      • __vbaVarDup.MSVBVM60 ref: 0046620D
                                      • #681.MSVBVM60(?,?,?,?), ref: 0046623F
                                      • #595.MSVBVM60(?,00000000,?,?,?), ref: 00466280
                                      • __vbaFreeVarList.MSVBVM60(00000006,?,?,?,?,?,?), ref: 004662B2
                                      • __vbaFreeStr.MSVBVM60(00466390), ref: 00466388
                                      • __vbaFreeStr.MSVBVM60 ref: 0046638D
                                      Strings
                                      • HighlightUser: User selects Back colour fore colour unchanged, xrefs: 00466095
                                      • ClsAPIHighlight, xrefs: 004661D3
                                      • APIHighlightUser: User selects Back colour fore colour unchanged, xrefs: 00465EC9
                                      • Highlighting, xrefs: 004661F9
                                      • APIHighlightAuto: Program assigns back colour, Class chooses Text colour, xrefs: 00465EAB
                                      • ClsAPIHIghlight is brought to you by Roger Gilchrist (Email:rojagilkrist@hotmail.com), xrefs: 00465F8F
                                      • UserColor:Routine to allow user to select a colour(can be used outside class)., xrefs: 00465F5F
                                      • HighlightHardHard: Hard coded 2 colour handler., xrefs: 00466059
                                      • APIHighlightHardHard: Two colours hardcoded in program, xrefs: 00465E8D
                                      • ClsAPIHighlight offers * public methods and functions , xrefs: 00465D50
                                      • HighlightAuto: Program assigns back colour, Program chooses Text colour, xrefs: 00466077
                                      • APIHighlightHard: Change the colour behind text., xrefs: 00465E6F
                                      • AssignControls: Provide RichTextBox and CommonDialog for class to use., xrefs: 00465F23
                                      • APIHighlightUserUser: User selects Back and Text colour, xrefs: 00465F05
                                      • APIHighlightUserAuto: User selects Back colour, Class chooses Text colour, xrefs: 00465EE7
                                      • HighlightUserAuto: You select a Back colour, Program chooses Text colour, xrefs: 004660B3
                                      • HighlightHard: Hard coded highlight colour., xrefs: 00466045
                                      • HighlightUserUser: You select Back and Text colours, xrefs: 004660D1
                                      • About(T|F): About gives 1 of 2 messages Help(default) for use by end-user or this one Programmer(F)., xrefs: 00465E15
                                      • Based on the work of Sergio Perciballi (Email:oigres@postmaster.co.uk), xrefs: 00465FB3, 0046611C
                                      • APIHighlight: Private one colour handler., xrefs: 00465E33
                                      • Brought to you by Roger Gilchrist (Email:rojagilkrist@hotmail.com), xrefs: 004660FE
                                      • IsHighlight: Boolean test of highlight status of cursor position., xrefs: 00465F41
                                      • APIHighlight2: Private two colour handler, xrefs: 00465E51
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Move$Free$List$#681$#595
                                      • String ID: APIHighlight2: Private two colour handler$APIHighlight: Private one colour handler.$APIHighlightAuto: Program assigns back colour, Class chooses Text colour$APIHighlightHard: Change the colour behind text.$APIHighlightHardHard: Two colours hardcoded in program$APIHighlightUser: User selects Back colour fore colour unchanged$APIHighlightUserAuto: User selects Back colour, Class chooses Text colour$APIHighlightUserUser: User selects Back and Text colour$About(T|F): About gives 1 of 2 messages Help(default) for use by end-user or this one Programmer(F).$AssignControls: Provide RichTextBox and CommonDialog for class to use.$Based on the work of Sergio Perciballi (Email:oigres@postmaster.co.uk)$Brought to you by Roger Gilchrist (Email:rojagilkrist@hotmail.com)$ClsAPIHIghlight is brought to you by Roger Gilchrist (Email:rojagilkrist@hotmail.com)$ClsAPIHighlight$ClsAPIHighlight offers * public methods and functions $HighlightAuto: Program assigns back colour, Program chooses Text colour$HighlightHard: Hard coded highlight colour.$HighlightHardHard: Hard coded 2 colour handler.$HighlightUser: User selects Back colour fore colour unchanged$HighlightUserAuto: You select a Back colour, Program chooses Text colour$HighlightUserUser: You select Back and Text colours$Highlighting$IsHighlight: Boolean test of highlight status of cursor position.$UserColor:Routine to allow user to select a colour(can be used outside class).
                                      • API String ID: 1430998111-2358789330
                                      • Opcode ID: fca891554a5a279c8e3c3fd3fa422fc8b5bd16a7450ffd55b89f5d277beb2c38
                                      • Instruction ID: bae2768db1aeeda90c6011fc5cf414a4692e23e91a36df3b72109415a80f6b8a
                                      • Opcode Fuzzy Hash: fca891554a5a279c8e3c3fd3fa422fc8b5bd16a7450ffd55b89f5d277beb2c38
                                      • Instruction Fuzzy Hash: 0C02EFB1D5011CAEDB15DFA5CC91EEEBBB8EF88300F10816BE006A7154EE705A85CFA4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 004682A0, Relevance: 184.2, APIs: 84, Strings: 21, Instructions: 434COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaStrCat.MSVBVM60(004106F8,ClsAPIZoom provides Zoom support for a RichTextBox control.), ref: 00468374
                                      • __vbaStrMove.MSVBVM60 ref: 00468381
                                      • __vbaStrCat.MSVBVM60(There are four Public routines,00000000), ref: 00468389
                                      • __vbaStrMove.MSVBVM60 ref: 00468390
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 00468398
                                      • __vbaStrMove.MSVBVM60 ref: 0046839F
                                      • __vbaStrCat.MSVBVM60(About(T|F): About gives 1 of 2 messages Help(default) for use by end-user or this one Programmer(F).,00000000), ref: 004683A7
                                      • __vbaStrMove.MSVBVM60 ref: 004683AE
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 004683B6
                                      • __vbaStrMove.MSVBVM60 ref: 004683BD
                                      • __vbaStrCat.MSVBVM60(AssignControls RTB, Cbo: Assign and setup a RichTextBox and a ComboBox for the class to use.,00000000), ref: 004683C5
                                      • __vbaStrMove.MSVBVM60 ref: 004683CC
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 004683D4
                                      • __vbaStrMove.MSVBVM60 ref: 004683DB
                                      • __vbaStrCat.MSVBVM60(ZoomDo: Place a call to this in the ComboBox's click event.,00000000), ref: 004683E3
                                      • __vbaStrMove.MSVBVM60 ref: 004683EA
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 004683F2
                                      • __vbaStrMove.MSVBVM60 ref: 004683F9
                                      • __vbaStrCat.MSVBVM60(ZoomSlug(MainStr$, T|F): Return the current Zoom value as a percent(T)-> 80 or a ratio(F)-> 4:5 added onto MainStr,00000000), ref: 00468401
                                      • __vbaStrMove.MSVBVM60 ref: 00468408
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 00468410
                                      • __vbaStrMove.MSVBVM60 ref: 00468417
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 0046841F
                                      • __vbaStrMove.MSVBVM60 ref: 00468426
                                      • __vbaStrCat.MSVBVM60(ClsAPIZoom is brought to you by Roger Gilchrist (Email:rojagilkrist@hotmail.com),00000000), ref: 0046842E
                                      • __vbaStrMove.MSVBVM60 ref: 00468435
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 0046843D
                                      • __vbaStrMove.MSVBVM60 ref: 00468444
                                      • __vbaStrCat.MSVBVM60(Based on the work of Sergio Perciballi (Email:oigres@postmaster.co.uk),00000000), ref: 0046844C
                                      • __vbaStrMove.MSVBVM60 ref: 00468453
                                      • __vbaFreeStrList.MSVBVM60(0000000E,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0046848F
                                      • __vbaStrCat.MSVBVM60(004106F8,You can zoom your view of the document by selecting a level), ref: 004684A2
                                      • __vbaStrMove.MSVBVM60 ref: 004684A9
                                      • __vbaStrCat.MSVBVM60(in the zoom Combobox. Note this is for ease of viewing,,00000000), ref: 004684B1
                                      • __vbaStrMove.MSVBVM60 ref: 004684B8
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 004684C0
                                      • __vbaStrMove.MSVBVM60 ref: 004684C7
                                      • __vbaStrCat.MSVBVM60(it does not change the real font size.,00000000), ref: 004684CF
                                      • __vbaStrMove.MSVBVM60 ref: 004684D6
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 004684DE
                                      • __vbaStrMove.MSVBVM60 ref: 004684E5
                                      • __vbaStrCat.MSVBVM60(A 500% zoom document will not print out as a billboard,00000000), ref: 004684ED
                                      • __vbaStrMove.MSVBVM60 ref: 004684F4
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 004684FC
                                      • __vbaStrMove.MSVBVM60 ref: 00468503
                                      • __vbaStrCat.MSVBVM60(or save its zoom factor. ,00000000), ref: 0046850B
                                      • __vbaStrMove.MSVBVM60 ref: 00468512
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 0046851A
                                      • __vbaStrMove.MSVBVM60 ref: 00468521
                                      • __vbaStrCat.MSVBVM60(The next time you open the document it will be normal size.,00000000), ref: 00468529
                                      • __vbaStrMove.MSVBVM60 ref: 00468530
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 00468538
                                      • __vbaStrMove.MSVBVM60 ref: 0046853F
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 00468547
                                      • __vbaStrMove.MSVBVM60 ref: 0046854E
                                      • __vbaStrCat.MSVBVM60(Note:really large zooms may appear blank on small windows,00000000), ref: 00468556
                                      • __vbaStrMove.MSVBVM60 ref: 0046855D
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 00468565
                                      • __vbaStrMove.MSVBVM60 ref: 0046856C
                                      • __vbaStrCat.MSVBVM60(as you are seeing only the space above a single letter such as 'a',,00000000), ref: 00468574
                                      • __vbaStrMove.MSVBVM60 ref: 0046857B
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 00468583
                                      • __vbaStrMove.MSVBVM60 ref: 0046858A
                                      • __vbaStrCat.MSVBVM60(scroll up or down until you find text.,00000000), ref: 00468592
                                      • __vbaStrMove.MSVBVM60 ref: 00468599
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 004685A1
                                      • __vbaStrMove.MSVBVM60 ref: 004685A8
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 004685B0
                                      • __vbaStrMove.MSVBVM60 ref: 004685B7
                                      • __vbaStrCat.MSVBVM60(Brought to you by Roger Gilchrist (Email:rojagilkrist@hotmail.com),00000000), ref: 004685BF
                                      • __vbaStrMove.MSVBVM60 ref: 004685C6
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 004685CE
                                      • __vbaStrMove.MSVBVM60 ref: 004685D5
                                      • __vbaStrCat.MSVBVM60(Based on the work of Sergio Perciballi (Email:oigres@postmaster.co.uk),00000000), ref: 004685DD
                                      • __vbaStrMove.MSVBVM60 ref: 004685E4
                                      • __vbaFreeStrList.MSVBVM60(00000015,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0046863C
                                      • #681.MSVBVM60(?,?,?,?), ref: 0046869A
                                      • __vbaVarDup.MSVBVM60 ref: 004686BC
                                      • __vbaVarDup.MSVBVM60 ref: 004686E2
                                      • #681.MSVBVM60(?,?,?,?), ref: 00468714
                                      • #595.MSVBVM60(?,00000000,?,?,?), ref: 00468752
                                      • __vbaFreeVarList.MSVBVM60(00000006,?,?,?,?,?,?), ref: 00468781
                                      • __vbaFreeStr.MSVBVM60(00468834), ref: 0046882C
                                      • __vbaFreeStr.MSVBVM60 ref: 00468831
                                      Strings
                                      • You can zoom your view of the document by selecting a level, xrefs: 00468498
                                      • ClsAPIZoom is brought to you by Roger Gilchrist (Email:rojagilkrist@hotmail.com), xrefs: 00468429
                                      • AssignControls RTB, Cbo: Assign and setup a RichTextBox and a ComboBox for the class to use., xrefs: 004683C0
                                      • ClsAPIZoom, xrefs: 004686A8
                                      • scroll up or down until you find text., xrefs: 0046858D
                                      • ZoomDo: Place a call to this in the ComboBox's click event., xrefs: 004683DE
                                      • A 500% zoom document will not print out as a billboard, xrefs: 004684E8
                                      • it does not change the real font size., xrefs: 004684CA
                                      • or save its zoom factor. , xrefs: 00468506
                                      • The next time you open the document it will be normal size., xrefs: 00468524
                                      • Note:really large zooms may appear blank on small windows, xrefs: 00468551
                                      • ZoomSlug(MainStr$, T|F): Return the current Zoom value as a percent(T)-> 80 or a ratio(F)-> 4:5 added onto MainStr, xrefs: 004683FC
                                      • as you are seeing only the space above a single letter such as 'a',, xrefs: 0046856F
                                      • in the zoom Combobox. Note this is for ease of viewing,, xrefs: 004684AC
                                      • 8)@, xrefs: 004682D1, 004682D4
                                      • ClsAPIZoom provides Zoom support for a RichTextBox control., xrefs: 004682E0
                                      • About(T|F): About gives 1 of 2 messages Help(default) for use by end-user or this one Programmer(F)., xrefs: 004683A2
                                      • Based on the work of Sergio Perciballi (Email:oigres@postmaster.co.uk), xrefs: 00468447, 004685D8
                                      • Brought to you by Roger Gilchrist (Email:rojagilkrist@hotmail.com), xrefs: 004685BA
                                      • Zooming Help, xrefs: 004686CE
                                      • There are four Public routines, xrefs: 00468384
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Move$Free$List$#681$#595
                                      • String ID: 8)@$A 500% zoom document will not print out as a billboard$About(T|F): About gives 1 of 2 messages Help(default) for use by end-user or this one Programmer(F).$AssignControls RTB, Cbo: Assign and setup a RichTextBox and a ComboBox for the class to use.$Based on the work of Sergio Perciballi (Email:oigres@postmaster.co.uk)$Brought to you by Roger Gilchrist (Email:rojagilkrist@hotmail.com)$ClsAPIZoom$ClsAPIZoom is brought to you by Roger Gilchrist (Email:rojagilkrist@hotmail.com)$ClsAPIZoom provides Zoom support for a RichTextBox control.$Note:really large zooms may appear blank on small windows$The next time you open the document it will be normal size.$There are four Public routines$You can zoom your view of the document by selecting a level$ZoomDo: Place a call to this in the ComboBox's click event.$ZoomSlug(MainStr$, T|F): Return the current Zoom value as a percent(T)-> 80 or a ratio(F)-> 4:5 added onto MainStr$Zooming Help$as you are seeing only the space above a single letter such as 'a',$in the zoom Combobox. Note this is for ease of viewing,$it does not change the real font size.$or save its zoom factor. $scroll up or down until you find text.
                                      • API String ID: 1430998111-2063408761
                                      • Opcode ID: 363d676ade852c00e3e5f96c9c3717f130794b24cb4faaf0100639de7996ad2b
                                      • Instruction ID: 33a4e744a5f76bab5e06b3f71346fc00adad3447eca1ea1d87db491e97c49f01
                                      • Opcode Fuzzy Hash: 363d676ade852c00e3e5f96c9c3717f130794b24cb4faaf0100639de7996ad2b
                                      • Instruction Fuzzy Hash: 6AF1DDB1D5021CAECB15DF95CC90EEEBBB9FF88700F10416BE406A6154EEB45A85CFA4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0045BEA0, Relevance: 152.6, APIs: 68, Strings: 19, Instructions: 331COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaStrCat.MSVBVM60(004106F8,blue steel|0|255|0|33|99|1.3), ref: 0045BF59
                                      • __vbaStrMove.MSVBVM60 ref: 0045BF66
                                      • __vbaStrCat.MSVBVM60(diamond|0|255|100|100|255|1.3,00000000), ref: 0045BF6E
                                      • __vbaStrMove.MSVBVM60 ref: 0045BF75
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 0045BF7D
                                      • __vbaStrMove.MSVBVM60 ref: 0045BF84
                                      • __vbaStrCat.MSVBVM60(gold|0|255|70|30|0|1.3,00000000), ref: 0045BF8C
                                      • __vbaStrMove.MSVBVM60 ref: 0045BF93
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 0045BF9B
                                      • __vbaStrMove.MSVBVM60 ref: 0045BFA2
                                      • __vbaStrCat.MSVBVM60(ice|100|255|0|40|60|3,00000000), ref: 0045BFAA
                                      • __vbaStrMove.MSVBVM60 ref: 0045BFB1
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 0045BFB9
                                      • __vbaStrMove.MSVBVM60 ref: 0045BFC0
                                      • __vbaStrCat.MSVBVM60(lead|0|100|33|33|99|1.5,00000000), ref: 0045BFC8
                                      • __vbaStrMove.MSVBVM60 ref: 0045BFCF
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 0045BFD7
                                      • __vbaStrMove.MSVBVM60 ref: 0045BFDE
                                      • __vbaStrCat.MSVBVM60(rubber|0|100|100|33|33|1.5,00000000), ref: 0045BFE6
                                      • __vbaStrMove.MSVBVM60 ref: 0045BFED
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 0045BFF5
                                      • __vbaStrMove.MSVBVM60 ref: 0045BFFC
                                      • __vbaStrCat.MSVBVM60(silver|0|255|33|33|33|1.3,00000000), ref: 0045C004
                                      • __vbaStrMove.MSVBVM60 ref: 0045C00B
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 0045C013
                                      • __vbaStrMove.MSVBVM60 ref: 0045C01A
                                      • __vbaStrCat.MSVBVM60(slate|0|100|33|33|100|1.3,00000000), ref: 0045C022
                                      • __vbaStrMove.MSVBVM60 ref: 0045C029
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 0045C031
                                      • __vbaStrMove.MSVBVM60 ref: 0045C038
                                      • __vbaStrCat.MSVBVM60(flesh|100|255|44|4|0|1.3,00000000), ref: 0045C040
                                      • __vbaStrMove.MSVBVM60 ref: 0045C047
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 0045C04F
                                      • __vbaStrMove.MSVBVM60 ref: 0045C056
                                      • __vbaStrCat.MSVBVM60(yellowrose|100|255|54|24|0|1.3,00000000), ref: 0045C05E
                                      • __vbaStrMove.MSVBVM60 ref: 0045C065
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 0045C06D
                                      • __vbaStrMove.MSVBVM60 ref: 0045C074
                                      • __vbaStrCat.MSVBVM60(pineboard|100|165|100|85|35|1.5,00000000), ref: 0045C07C
                                      • __vbaStrMove.MSVBVM60 ref: 0045C083
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 0045C08B
                                      • __vbaStrMove.MSVBVM60 ref: 0045C092
                                      • __vbaStrCat.MSVBVM60(umber|100|165|180|85|35|10,00000000), ref: 0045C09A
                                      • __vbaStrMove.MSVBVM60 ref: 0045C0A1
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 0045C0A9
                                      • __vbaStrMove.MSVBVM60 ref: 0045C0B0
                                      • __vbaStrCat.MSVBVM60(snow|200|255|0|34|66|1.5,00000000), ref: 0045C0B8
                                      • __vbaStrMove.MSVBVM60 ref: 0045C0BF
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 0045C0C7
                                      • __vbaStrMove.MSVBVM60 ref: 0045C0CE
                                      • __vbaStrCat.MSVBVM60(manila|101|217|94|96|0|3.4,00000000), ref: 0045C0D6
                                      • __vbaStrMove.MSVBVM60 ref: 0045C0DD
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 0045C0E5
                                      • __vbaStrMove.MSVBVM60 ref: 0045C0EF
                                      • __vbaStrCat.MSVBVM60(milk chocolate|0|100|95|55|45|1.5,00000000), ref: 0045C0F7
                                      • __vbaStrMove.MSVBVM60 ref: 0045C101
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 0045C109
                                      • __vbaStrMove.MSVBVM60 ref: 0045C113
                                      • __vbaStrCat.MSVBVM60(old gold|100|165|180|85|35|1,00000000), ref: 0045C11B
                                      • __vbaStrMove.MSVBVM60 ref: 0045C125
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 0045C12D
                                      • __vbaStrMove.MSVBVM60 ref: 0045C137
                                      • __vbaStrCat.MSVBVM60(manila 1|160|191|95|96|3.4,00000000), ref: 0045C13F
                                      • __vbaStrMove.MSVBVM60 ref: 0045C146
                                      • __vbaFreeStrList.MSVBVM60(0000001F,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0045C1D5
                                      • __vbaStrCopy.MSVBVM60 ref: 0045C1E9
                                      • __vbaFreeStr.MSVBVM60 ref: 0045C20B
                                      • __vbaFreeStr.MSVBVM60(0045C2BF), ref: 0045C2B8
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Move$Free$CopyList
                                      • String ID: 0!@$MATERIALS$blue steel|0|255|0|33|99|1.3$diamond|0|255|100|100|255|1.3$flesh|100|255|44|4|0|1.3$gold|0|255|70|30|0|1.3$ice|100|255|0|40|60|3$lead|0|100|33|33|99|1.5$manila 1|160|191|95|96|3.4$manila|101|217|94|96|0|3.4$milk chocolate|0|100|95|55|45|1.5$old gold|100|165|180|85|35|1$pineboard|100|165|100|85|35|1.5$rubber|0|100|100|33|33|1.5$silver|0|255|33|33|33|1.3$slate|0|100|33|33|100|1.3$snow|200|255|0|34|66|1.5$umber|100|165|180|85|35|10$yellowrose|100|255|54|24|0|1.3
                                      • API String ID: 3646094356-1335440793
                                      • Opcode ID: 1036992ecaff67e801dc132f1d81cf64b77238787449336888b8585e12a89d93
                                      • Instruction ID: 1c86eb16a1fe1ae1c9bd8a1d2882d6fa2651abd073774c952f889d52a2a67a59
                                      • Opcode Fuzzy Hash: 1036992ecaff67e801dc132f1d81cf64b77238787449336888b8585e12a89d93
                                      • Instruction Fuzzy Hash: 9AB1FD71D5012CAACB15EBA8CC55DEFBBBCEF98700F20815BE412A7154DEB45985CFA0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00449330, Relevance: 112.4, APIs: 59, Strings: 5, Instructions: 367COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaStrMove.MSVBVM60 ref: 004493AB
                                      • #616.MSVBVM60(?,?), ref: 004493B8
                                      • __vbaStrMove.MSVBVM60 ref: 004493C3
                                      • __vbaInStr.MSVBVM60(00000000,{\fonttbl,?,00000001), ref: 004493D1
                                      • __vbaInStr.MSVBVM60(00000000,{\colortbl,?,00000001), ref: 004493E5
                                      • __vbaInStr.MSVBVM60(00000000,;}},?,00000000), ref: 004493FD
                                      • __vbaInStr.MSVBVM60(00000000,\stylesheet{,?,00000001), ref: 0044941B
                                      • #631.MSVBVM60(?,00000000,?), ref: 0044944A
                                      • __vbaStrMove.MSVBVM60 ref: 00449455
                                      • __vbaFreeVar.MSVBVM60 ref: 0044945A
                                      • #616.MSVBVM60(?,-00000001), ref: 0044946E
                                      • __vbaStrMove.MSVBVM60 ref: 00449479
                                      • #631.MSVBVM60(?,?,00000003), ref: 0044949B
                                      • __vbaStrMove.MSVBVM60 ref: 004494A2
                                      • __vbaFreeVar.MSVBVM60 ref: 004494A7
                                      • __vbaInStr.MSVBVM60(00000000,{\colortbl,?,00000001), ref: 004494C1
                                      • __vbaInStr.MSVBVM60(00000000,00412B58,?,00000000), ref: 004494DD
                                      • __vbaInStr.MSVBVM60(00000000,00412B64,?,00000000), ref: 004494F1
                                      • #631.MSVBVM60(?,?,?), ref: 0044951D
                                      • __vbaStrMove.MSVBVM60 ref: 00449524
                                      • #631.MSVBVM60(?,?,?), ref: 00449540
                                      • __vbaStrMove.MSVBVM60 ref: 00449547
                                      • __vbaFreeVar.MSVBVM60 ref: 0044954C
                                      • __vbaInStr.MSVBVM60(00000000,;}},?,00000001), ref: 00449563
                                      • #616.MSVBVM60(?,-00000004), ref: 00449577
                                      • __vbaStrMove.MSVBVM60 ref: 00449582
                                      • __vbaInStr.MSVBVM60(00000000,;}},?,00000001,?), ref: 004495A2
                                      • #631.MSVBVM60(?,-00000005), ref: 004495B6
                                      • __vbaStrMove.MSVBVM60 ref: 004495BD
                                      • __vbaFreeVar.MSVBVM60 ref: 004495C2
                                      • #631.MSVBVM60(?,?,?), ref: 004495F1
                                      • __vbaStrMove.MSVBVM60 ref: 004495F8
                                      • __vbaFreeVar.MSVBVM60 ref: 004495FD
                                      • #631.MSVBVM60(?,?,0000000A,?), ref: 00449630
                                      • __vbaStrMove.MSVBVM60 ref: 00449637
                                      • __vbaStrCat.MSVBVM60(00000000), ref: 00449640
                                      • __vbaStrMove.MSVBVM60 ref: 00449647
                                      • __vbaFreeStr.MSVBVM60 ref: 0044964C
                                      • __vbaFreeVar.MSVBVM60 ref: 00449655
                                      • #711.MSVBVM60(?,?,0000000A,000000FF,00000000), ref: 00449678
                                      • __vbaVargVarMove.MSVBVM60 ref: 00449684
                                      • __vbaFreeVar.MSVBVM60 ref: 0044968D
                                      • __vbaStrCat.MSVBVM60(?,?), ref: 0044969B
                                      • __vbaStrMove.MSVBVM60 ref: 004496A2
                                      • __vbaStrCat.MSVBVM60(?,00000000), ref: 004496A9
                                      • __vbaStrMove.MSVBVM60 ref: 004496B0
                                      • __vbaStrCat.MSVBVM60(?,00000000), ref: 004496B7
                                      • __vbaStrMove.MSVBVM60 ref: 004496BE
                                      • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 004496CA
                                      • __vbaFreeStr.MSVBVM60(0044972D), ref: 00449707
                                      • __vbaFreeStr.MSVBVM60 ref: 0044970C
                                      • __vbaFreeStr.MSVBVM60 ref: 00449711
                                      • __vbaFreeStr.MSVBVM60 ref: 00449716
                                      • __vbaErrorOverflow.MSVBVM60(?), ref: 00449742
                                      • __vbaVarMove.MSVBVM60 ref: 004497A7
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Move$Free$#631$#616$#711ErrorListOverflowVarg
                                      • String ID: ;}}$\stylesheet{${\colortbl${\fonttbl$/@
                                      • API String ID: 21647015-1445809179
                                      • Opcode ID: f3e7d3bfe8ea133d501b3a0b7782d13edd1e4c6952a8a69ee680b0208221d7de
                                      • Instruction ID: 9172b8d44ece360159e6f871eee962e3e57c0d149aaf77b6702877d09dc75581
                                      • Opcode Fuzzy Hash: f3e7d3bfe8ea133d501b3a0b7782d13edd1e4c6952a8a69ee680b0208221d7de
                                      • Instruction Fuzzy Hash: BDE1F6B1D01249AFDB04DFA4DD84AEEBBB9FF98300F20412AE506B7264DB746A45CF54
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00407267, Relevance: 105.3, APIs: 56, Strings: 4, Instructions: 335COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaStrMove.MSVBVM60 ref: 0044DF1A
                                      • #616.MSVBVM60(?,0000000E), ref: 0044DF27
                                      • __vbaStrMove.MSVBVM60 ref: 0044DF32
                                      • __vbaInStr.MSVBVM60(00000000,{\fonttbl,?,00000001), ref: 0044DF40
                                      • __vbaInStr.MSVBVM60(00000000,{\colortbl,?,00000001), ref: 0044DF54
                                      • __vbaInStr.MSVBVM60(00000000,;}},?,00000000), ref: 0044DF6C
                                      • __vbaInStr.MSVBVM60(00000000,\stylesheet{,?,00000001), ref: 0044DF8A
                                      • #631.MSVBVM60(?,00000000,?), ref: 0044DFBF
                                      • __vbaStrMove.MSVBVM60 ref: 0044DFC6
                                      • __vbaFreeVar.MSVBVM60 ref: 0044DFCB
                                      • #616.MSVBVM60(?,-00000001), ref: 0044DFDF
                                      • __vbaStrMove.MSVBVM60 ref: 0044DFEA
                                      • #631.MSVBVM60(?,?,00000003), ref: 0044E006
                                      • __vbaStrMove.MSVBVM60 ref: 0044E00D
                                      • __vbaFreeVar.MSVBVM60 ref: 0044E018
                                      • __vbaInStr.MSVBVM60(00000000,{\colortbl,?,00000001), ref: 0044E035
                                      • __vbaInStr.MSVBVM60(00000000,00412B58,?,00000000), ref: 0044E04E
                                      • __vbaInStr.MSVBVM60(00000000,00412B64,?,00000000), ref: 0044E063
                                      • #631.MSVBVM60(?,?,?), ref: 0044E08F
                                      • __vbaStrMove.MSVBVM60 ref: 0044E096
                                      • #631.MSVBVM60(?,?,?), ref: 0044E0B2
                                      • __vbaErrorOverflow.MSVBVM60(?), ref: 0044E320
                                      • __vbaObjSetAddref.MSVBVM60(?,00000000,66106831,660E6C30,660E6FE2), ref: 0044E380
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,00000005,00000000), ref: 0044E391
                                      • __vbaI4Var.MSVBVM60(00000000), ref: 0044E39B
                                      • __vbaFreeVar.MSVBVM60 ref: 0044E3AE
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,0000000B,00000000), ref: 0044E3C4
                                      • __vbaStrVarMove.MSVBVM60(?), ref: 0044E3D1
                                      • __vbaStrMove.MSVBVM60 ref: 0044E3DC
                                      • __vbaVarMove.MSVBVM60 ref: 0044E413
                                      • __vbaFreeStr.MSVBVM60 ref: 0044E41C
                                      • __vbaFreeVar.MSVBVM60 ref: 0044E425
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Move$Free$#631$#616CallLate$AddrefErrorOverflow
                                      • String ID: ;}}$\stylesheet{${\colortbl${\fonttbl
                                      • API String ID: 548234342-1520851685
                                      • Opcode ID: 12a10f8ada8f4245b0e957cf51cde2f66c667ec1fba240ef4a94e5cf4b6fe32a
                                      • Instruction ID: ec13260fa3976655cd1b9cbf445dd5afe5f78477fb6cb78116f49c211d33577a
                                      • Opcode Fuzzy Hash: 12a10f8ada8f4245b0e957cf51cde2f66c667ec1fba240ef4a94e5cf4b6fe32a
                                      • Instruction Fuzzy Hash: DED1DCB1E00209AFDB04DFA5DD84AEEBBB9FF58300F10812AF516B72A4DA746945CF54
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00470290, Relevance: 100.2, APIs: 42, Strings: 15, Instructions: 409COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 0047030D
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,004123E0,0000007C), ref: 0047032F
                                      • __vbaFreeObj.MSVBVM60 ref: 00470338
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 00470350
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 00470366
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00411EA8,000000E0), ref: 00470390
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00411EA8,000000E8), ref: 004703BC
                                      • #517.MSVBVM60(?), ref: 004703C6
                                      • __vbaStrMove.MSVBVM60 ref: 004703D4
                                      • __vbaFreeStr.MSVBVM60 ref: 004703DD
                                      • __vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 004703ED
                                      • __vbaStrCmp.MSVBVM60(candy,?), ref: 00470408
                                      • __vbaStrCmp.MSVBVM60(blender **,?), ref: 00470433
                                      • __vbaStrCmp.MSVBVM60(blenderauto *,?), ref: 00470449
                                      • __vbaStrCmp.MSVBVM60(rainbow,?), ref: 0047045F
                                      • __vbaStrCmp.MSVBVM60(spectrum,?), ref: 0047048A
                                      • __vbaStrCmp.MSVBVM60(Text colour *,?), ref: 004705F7
                                      • __vbaStrCmp.MSVBVM60(fuzzy *,?), ref: 00470636
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 004706CD
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 004706DF
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00411EA8,000000E0), ref: 00470705
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00411EA8,000000E8), ref: 00470731
                                      • #517.MSVBVM60(?,00000001), ref: 0047073D
                                      • __vbaStrMove.MSVBVM60 ref: 00470748
                                      • __vbaInStr.MSVBVM60(00000000,00414940,00000000), ref: 00470756
                                      • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 00470771
                                      • __vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 00470781
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 004707A9
                                      • #681.MSVBVM60(?,?,?,?), ref: 004707E4
                                      • __vbaI2Var.MSVBVM60(?), ref: 004707F0
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00411E5C,000000E4), ref: 00470810
                                      • __vbaFreeObj.MSVBVM60 ref: 00470819
                                      • __vbaFreeVarList.MSVBVM60(00000003,?,?,?), ref: 0047082C
                                      • __vbaFreeStr.MSVBVM60(00470889), ref: 00470882
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$CheckHresult$List$#517Move$#681
                                      • String ID: Text colour *$blender **$blenderauto *$candy$dither *$dither2 *$fuzzy *$highlightuser *$highlightuserauto *$highlightuseruser **$materials$rainbow$random$spectrum$styles
                                      • API String ID: 2088400180-3174101349
                                      • Opcode ID: 109b2f7bf1849378245afacd4d97c86c45932c2a075daafc9c5a2845209154d4
                                      • Instruction ID: 31747009d17ff718b33b67934688e48aea7826542fe3448666b888a33bb68ed5
                                      • Opcode Fuzzy Hash: 109b2f7bf1849378245afacd4d97c86c45932c2a075daafc9c5a2845209154d4
                                      • Instruction Fuzzy Hash: 6AF15FB1900219EFDB20DFA4CD48FEAB7B8BF84704F10829AE559E7190DB745A858F64
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0045AF20, Relevance: 100.2, APIs: 52, Strings: 5, Instructions: 402COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,@ @,00411700,000000CC), ref: 0045B00A
                                      • __vbaLenBstr.MSVBVM60 ref: 0045B016
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,@ @,00411700,000000B0), ref: 0045B040
                                      • __vbaStrI4.MSVBVM60(?,User ), ref: 0045B05B
                                      • __vbaStrMove.MSVBVM60 ref: 0045B06C
                                      • __vbaStrCat.MSVBVM60(00000000), ref: 0045B075
                                      • __vbaStrMove.MSVBVM60 ref: 0045B07C
                                      • __vbaFreeStr.MSVBVM60 ref: 0045B081
                                      • __vbaStrCmp.MSVBVM60(@@@@@@@@), ref: 0045B0A0
                                      • __vbaStrCat.MSVBVM60(00410724), ref: 0045B0C6
                                      • __vbaStrMove.MSVBVM60 ref: 0045B0CD
                                      • __vbaStrI2.MSVBVM60(?,00000000), ref: 0045B0D7
                                      • __vbaStrMove.MSVBVM60(?,00000000), ref: 0045B0E2
                                      • __vbaStrCat.MSVBVM60(00000000,?,00000000), ref: 0045B0E5
                                      • __vbaStrMove.MSVBVM60(?,00000000), ref: 0045B0EC
                                      • __vbaStrCat.MSVBVM60(00410724,00000000,?,00000000), ref: 0045B0F4
                                      • __vbaStrMove.MSVBVM60(?,00000000), ref: 0045B0FB
                                      • __vbaStrI2.MSVBVM60(00000000,00000000,?,00000000), ref: 0045B105
                                      • __vbaStrMove.MSVBVM60(?,00000000), ref: 0045B110
                                      • __vbaStrCat.MSVBVM60(00000000,?,00000000), ref: 0045B113
                                      • __vbaStrMove.MSVBVM60(?,00000000), ref: 0045B11A
                                      • __vbaStrCat.MSVBVM60(00410724,00000000,?,00000000), ref: 0045B122
                                      • __vbaStrMove.MSVBVM60(?,00000000), ref: 0045B129
                                      • __vbaStrI2.MSVBVM60(?,00000000,?,00000000), ref: 0045B133
                                      • __vbaStrMove.MSVBVM60(?,00000000,?,00000000), ref: 0045B13E
                                      • __vbaStrCat.MSVBVM60(00000000,?,00000000,?,00000000), ref: 0045B141
                                      • __vbaStrMove.MSVBVM60(?,00000000,?,00000000), ref: 0045B148
                                      • __vbaStrCat.MSVBVM60(00410724,00000000,?,00000000,?,00000000), ref: 0045B150
                                      • __vbaStrMove.MSVBVM60(?,00000000,?,00000000), ref: 0045B157
                                      • __vbaStrI2.MSVBVM60(?,00000000,?,00000000,?,00000000), ref: 0045B161
                                      • __vbaStrMove.MSVBVM60(?,00000000,?,00000000,?,00000000), ref: 0045B16C
                                      • __vbaStrCat.MSVBVM60(00000000,?,00000000,?,00000000,?,00000000), ref: 0045B16F
                                      • __vbaStrMove.MSVBVM60(?,00000000,?,00000000,?,00000000), ref: 0045B176
                                      • __vbaStrCat.MSVBVM60(00410724,00000000,?,00000000,?,00000000,?,00000000), ref: 0045B17E
                                      • __vbaStrMove.MSVBVM60(?,00000000,?,00000000,?,00000000), ref: 0045B185
                                      • __vbaStrI2.MSVBVM60(00000000,00000000,?,00000000,?,00000000,?,00000000), ref: 0045B18F
                                      • __vbaStrMove.MSVBVM60(?,00000000,?,00000000,?,00000000), ref: 0045B19A
                                      • __vbaStrCat.MSVBVM60(00000000,?,00000000,?,00000000,?,00000000), ref: 0045B19D
                                      • __vbaStrMove.MSVBVM60(?,00000000,?,00000000,?,00000000), ref: 0045B1A4
                                      • __vbaStrCat.MSVBVM60(00410724,00000000,?,00000000,?,00000000,?,00000000), ref: 0045B1AC
                                      • __vbaStrMove.MSVBVM60(?,00000000,?,00000000,?,00000000), ref: 0045B1B3
                                      • __vbaStrR8.MSVBVM60(?,?,00000000,?,00000000,?,00000000,?,00000000), ref: 0045B1C0
                                      • __vbaStrMove.MSVBVM60(?,?,00000000,?,00000000,?,00000000,?,00000000), ref: 0045B1CB
                                      • __vbaStrCat.MSVBVM60(00000000,?,?,00000000,?,00000000,?,00000000,?,00000000), ref: 0045B1CE
                                      • __vbaStrMove.MSVBVM60(?,?,00000000,?,00000000,?,00000000,?,00000000), ref: 0045B1D5
                                      • __vbaFreeStrList.MSVBVM60(00000012,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0045B22E
                                      • __vbaAryDestruct.MSVBVM60(00000000,?,0045B2F6), ref: 0045B2EF
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Move$CheckFreeHresult$BstrDestructList
                                      • String ID: @ @$@@@@@@@@$User $user$/@
                                      • API String ID: 698359333-3425027014
                                      • Opcode ID: 8efbde88eda5f4501fb1599e6594f183e25eac49d8fe641a4a2e3cf46ccf2470
                                      • Instruction ID: a36a0ec4b6276abdf92879113aacdc4b813f9b257d39ee31accd17e4c663f938
                                      • Opcode Fuzzy Hash: 8efbde88eda5f4501fb1599e6594f183e25eac49d8fe641a4a2e3cf46ccf2470
                                      • Instruction Fuzzy Hash: ADE1D4B1D00219ABCB04DFA4CD88DEEBBBDFF48700F10811AF916A7254DA74A945CFA4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 004663B0, Relevance: 100.2, APIs: 56, Strings: 1, Instructions: 401COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaStrCopy.MSVBVM60 ref: 00466420
                                      • __vbaVarVargNofree.MSVBVM60(?,00000001), ref: 00466451
                                      • __vbaInStrVar.MSVBVM60(?,00000000,00000000), ref: 0046645D
                                      • __vbaI4Var.MSVBVM60(00000000), ref: 00466464
                                      • __vbaFreeVar.MSVBVM60 ref: 0046646F
                                      • __vbaInStr.MSVBVM60(00000000,-00000001,?,-00000001), ref: 00466494
                                      • #616.MSVBVM60(?,-00000001), ref: 004664AB
                                      • __vbaLenBstr.MSVBVM60(?,?), ref: 004664EC
                                      • #631.MSVBVM60(?,00000000), ref: 00466502
                                      • __vbaVarVargNofree.MSVBVM60(?), ref: 0046651E
                                      • __vbaVarCat.MSVBVM60(?,00000000), ref: 0046652F
                                      • __vbaVarCat.MSVBVM60(?,?,00000000), ref: 0046653D
                                      • __vbaVarCat.MSVBVM60(?,?,00000000), ref: 0046654B
                                      • __vbaVarCat.MSVBVM60(?,?,00000000), ref: 0046655C
                                      • __vbaStrVarMove.MSVBVM60(00000000), ref: 0046655F
                                      • __vbaStrMove.MSVBVM60 ref: 0046656A
                                      • __vbaFreeVarList.MSVBVM60(00000007,?,?,?,0000000A,?,?,?), ref: 00466594
                                      • __vbaVarVargNofree.MSVBVM60(?,00000001), ref: 004665CF
                                      • __vbaVarCat.MSVBVM60(?,?,00000000), ref: 004665E1
                                      • __vbaInStrVar.MSVBVM60(?,00000000,00000000), ref: 004665E9
                                      • __vbaBoolVarNull.MSVBVM60(00000000), ref: 004665F0
                                      • __vbaFreeVarList.MSVBVM60(00000002,?,?), ref: 00466606
                                      • __vbaVarVargNofree.MSVBVM60(00412C18,00000001,000000FF,00000000), ref: 00466640
                                      • __vbaVarCat.MSVBVM60(?,?,00000000), ref: 00466652
                                      • __vbaStrVarVal.MSVBVM60(?,00000000), ref: 00466659
                                      • #712.MSVBVM60(?,00000000), ref: 00466664
                                      • __vbaStrMove.MSVBVM60 ref: 0046666F
                                      • __vbaFreeStr.MSVBVM60 ref: 00466678
                                      • __vbaFreeVar.MSVBVM60 ref: 00466681
                                      • __vbaLenBstr.MSVBVM60(00000000), ref: 00466692
                                      • __vbaVarVargNofree.MSVBVM60 ref: 004666E3
                                      • __vbaVarCat.MSVBVM60(?,?,00000000), ref: 004666FB
                                      • __vbaVarCat.MSVBVM60(?,?,00000000), ref: 00466709
                                      • __vbaVarCat.MSVBVM60(?,?,00000000), ref: 00466717
                                      • __vbaStrVarMove.MSVBVM60(00000000), ref: 0046671A
                                      • __vbaStrMove.MSVBVM60 ref: 00466725
                                      • __vbaFreeVarList.MSVBVM60(00000003,?,?,?), ref: 004667C9
                                      • __vbaStrCopy.MSVBVM60 ref: 004667D8
                                      • __vbaFreeStr.MSVBVM60(00466835), ref: 0046682E
                                      • __vbaErrorOverflow.MSVBVM60 ref: 00466852
                                      • #606.MSVBVM60(00000100,?,00000008,00000000,00000000), ref: 004668AC
                                      • __vbaStrMove.MSVBVM60 ref: 004668BD
                                      • __vbaFreeVar.MSVBVM60 ref: 004668C2
                                      • __vbaStrToAnsi.MSVBVM60(?,?,00000100,00000000), ref: 004668D6
                                      • __vbaSetSystemError.MSVBVM60(00001200,00000000,?,00000000,00000000), ref: 004668EF
                                      • __vbaStrToUnicode.MSVBVM60(?,?), ref: 004668FD
                                      • __vbaFreeStr.MSVBVM60 ref: 00466906
                                      • #616.MSVBVM60(?,00000000), ref: 00466915
                                      • __vbaStrMove.MSVBVM60 ref: 00466920
                                      • __vbaFreeStr.MSVBVM60(00466955), ref: 0046694E
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$Move$NofreeVarg$List$#616BstrCopyError$#606#631#712AnsiBoolNullOverflowSystemUnicode
                                      • String ID: /@
                                      • API String ID: 3996189025-2163338593
                                      • Opcode ID: bcdb186edffc431ba5d21dca80c817b8389c1ad08069dd47658b4de1aad3e9a4
                                      • Instruction ID: a5ae248f7b8502bbc455e88ac24f7567f2e0b0467fe2f40b9d6b0a9cb386f2fb
                                      • Opcode Fuzzy Hash: bcdb186edffc431ba5d21dca80c817b8389c1ad08069dd47658b4de1aad3e9a4
                                      • Instruction Fuzzy Hash: B4F1D8B5900219AFDB14DF94DD84EEEBBB9FF48300F10819AE509B3260DB746989CF65
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00453750, Relevance: 98.4, APIs: 52, Strings: 4, Instructions: 410COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaVargVarMove.MSVBVM60 ref: 004537E7
                                      • __vbaVargVarMove.MSVBVM60 ref: 0045380D
                                      • __vbaStrMove.MSVBVM60 ref: 00453856
                                      • __vbaStrCopy.MSVBVM60 ref: 0045385E
                                      • __vbaLenBstr.MSVBVM60(?), ref: 00453868
                                      • __vbaStrCopy.MSVBVM60 ref: 0045387A
                                      • __vbaLenBstr.MSVBVM60(?), ref: 00453886
                                      • #616.MSVBVM60(?,-00000003), ref: 0045389A
                                      • __vbaStrMove.MSVBVM60 ref: 004538A5
                                      • __vbaRefVarAry.MSVBVM60(/@), ref: 004538B9
                                      • __vbaLbound.MSVBVM60(00000001), ref: 004538C4
                                      • __vbaForEachVar.MSVBVM60(?,?,?,?,?,?), ref: 004538F1
                                      • #593.MSVBVM60(?), ref: 0045391A
                                      • __vbaFpR4.MSVBVM60 ref: 00453920
                                      • __vbaFpR4.MSVBVM60 ref: 00453932
                                      • __vbaFreeVar.MSVBVM60 ref: 00453951
                                      • __vbaVarIndexStore.MSVBVM60(?,00000001), ref: 004539C2
                                      • __vbaNextEachVar.MSVBVM60(?,?,?,?,?), ref: 004539FA
                                      • __vbaStrCat.MSVBVM60(} ,?), ref: 00453A14
                                      • __vbaStrMove.MSVBVM60 ref: 00453A1B
                                      • __vbaInStr.MSVBVM60(00000000,{\colortbl,?,00000001), ref: 00453A2A
                                      • #712.MSVBVM60(?,?,?,00000001,000000FF,00000000), ref: 00453A46
                                      • __vbaStrMove.MSVBVM60 ref: 00453A51
                                      • __vbaLenBstr.MSVBVM60(?), ref: 00453A59
                                      • #616.MSVBVM60(?,-00000001), ref: 00453A6D
                                      • __vbaStrMove.MSVBVM60 ref: 00453A78
                                      • __vbaStrCat.MSVBVM60(?,00000000), ref: 00453A7F
                                      • __vbaStrMove.MSVBVM60 ref: 00453A86
                                      • __vbaStrCat.MSVBVM60(00412C2C,00000000), ref: 00453A8E
                                      • __vbaStrMove.MSVBVM60 ref: 00453A95
                                      • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 00453AA1
                                      • #519.MSVBVM60(?), ref: 00453ABC
                                      • __vbaStrMove.MSVBVM60 ref: 00453AC7
                                      • #710.MSVBVM60(?,0000000A,00000000), ref: 00453AD2
                                      • __vbaStrMove.MSVBVM60 ref: 00453ADD
                                      • __vbaStrCat.MSVBVM60(00000000), ref: 00453AE0
                                      • __vbaStrMove.MSVBVM60 ref: 00453AE7
                                      • __vbaFreeStrList.MSVBVM60(00000003,?,?,?), ref: 00453B04
                                      • __vbaFreeVar.MSVBVM60 ref: 00453B10
                                      • __vbaAryUnlock.MSVBVM60(?,00453B98), ref: 00453B60
                                      • __vbaFreeObj.MSVBVM60 ref: 00453B6C
                                      • __vbaFreeVar.MSVBVM60 ref: 00453B7B
                                      • __vbaFreeVar.MSVBVM60 ref: 00453B80
                                      • __vbaFreeStr.MSVBVM60 ref: 00453B8B
                                      • __vbaFreeStr.MSVBVM60 ref: 00453B90
                                      • __vbaFreeStr.MSVBVM60 ref: 00453B95
                                      • __vbaErrorOverflow.MSVBVM60 ref: 00453BAD
                                      • __vbaI2I4.MSVBVM60(/@,?), ref: 00453BDB
                                      • _adj_fdiv_m64.MSVBVM60 ref: 00453C23
                                      • __vbaFpI2.MSVBVM60 ref: 00453C2E
                                      • _adj_fdiv_m64.MSVBVM60 ref: 00453C6A
                                      • __vbaFpI2.MSVBVM60 ref: 00453C75
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Move$Free$Bstr$#616CopyEachListVarg_adj_fdiv_m64$#519#593#710#712ErrorIndexLboundNextOverflowStoreUnlock
                                      • String ID: {\colortbl${\colortbl{;$} $/@
                                      • API String ID: 704351248-3263169095
                                      • Opcode ID: 79b71490c1e6c8ff69ab7b0e8fdf5fe4f80474281625601adae3d9dcc4d19c4e
                                      • Instruction ID: 7437b016615a5e14751f9495bf0923aae5c4ee0fb07cc68de5a93c7080bef5d4
                                      • Opcode Fuzzy Hash: 79b71490c1e6c8ff69ab7b0e8fdf5fe4f80474281625601adae3d9dcc4d19c4e
                                      • Instruction Fuzzy Hash: 66F14971900209DFCB04DFA4DD88AEEBBB9FF88301F10816AE509A7265DB746E46CF54
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00475080, Relevance: 94.7, APIs: 43, Strings: 11, Instructions: 236COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaStrCat.MSVBVM60(004106F8,ClsManifestation), ref: 0047511B
                                      • __vbaStrMove.MSVBVM60 ref: 00475128
                                      • __vbaStrCat.MSVBVM60(This class allows you to add The option for your XP users to choose between Classic and WindowsXP appearance,00000000), ref: 00475130
                                      • __vbaStrMove.MSVBVM60 ref: 00475137
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 0047513F
                                      • __vbaStrMove.MSVBVM60 ref: 00475146
                                      • __vbaStrCat.MSVBVM60(for your program. You need only add 4 lines to your code,00000000), ref: 0047514E
                                      • __vbaStrMove.MSVBVM60 ref: 00475155
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 0047515D
                                      • __vbaStrMove.MSVBVM60 ref: 00475164
                                      • __vbaStrCat.MSVBVM60(1. Add 'Public Manfst As New ClsManifestation' to top of any module or form(that loads first),00000000), ref: 0047516C
                                      • __vbaStrMove.MSVBVM60 ref: 00475173
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 0047517B
                                      • __vbaStrMove.MSVBVM60 ref: 00475182
                                      • __vbaStrCat.MSVBVM60(2. Add 'ManFst.Manifest' to Sub Form_Initialize() of first form loaded by your program,00000000), ref: 0047518A
                                      • __vbaStrMove.MSVBVM60 ref: 00475191
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 00475199
                                      • __vbaStrMove.MSVBVM60 ref: 004751A0
                                      • __vbaStrCat.MSVBVM60(3. Add 'ManFst.CommandButton CommandButton1' or any of the other controls possible (See Routines for additional paramaters),00000000), ref: 004751A8
                                      • __vbaStrMove.MSVBVM60 ref: 004751AF
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 004751B7
                                      • __vbaStrMove.MSVBVM60 ref: 004751BE
                                      • __vbaStrCat.MSVBVM60(4. Add 'Manfst.Action' to the click event.,00000000), ref: 004751C6
                                      • __vbaStrMove.MSVBVM60 ref: 004751CD
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 004751D5
                                      • __vbaStrMove.MSVBVM60 ref: 004751DC
                                      • __vbaStrCat.MSVBVM60(That's it. The control will take a caption or icon(if you provide one) indicating either present or alternative appearance.,00000000), ref: 004751E4
                                      • __vbaStrMove.MSVBVM60 ref: 004751EB
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 004751F3
                                      • __vbaStrMove.MSVBVM60 ref: 004751FA
                                      • __vbaStrCat.MSVBVM60(When clicked the user is offered the option to restart immediately to see the effect or waiting until next launch.,00000000), ref: 00475202
                                      • __vbaStrMove.MSVBVM60 ref: 00475209
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 00475211
                                      • __vbaStrMove.MSVBVM60 ref: 00475218
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 00475220
                                      • __vbaStrMove.MSVBVM60 ref: 00475227
                                      • __vbaStrCat.MSVBVM60(Please download 'ClsManifestation ver 3' at www.planet-source-code.com for a full description and Demo.,00000000), ref: 0047522F
                                      • __vbaStrMove.MSVBVM60 ref: 00475236
                                      • __vbaFreeStrList.MSVBVM60(00000012,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00475282
                                      • __vbaVarDup.MSVBVM60 ref: 004752C4
                                      • #595.MSVBVM60(?,00000000,?,?,?), ref: 004752F4
                                      • __vbaFreeVarList.MSVBVM60(00000003,?,?,?), ref: 0047530B
                                      • __vbaFreeStr.MSVBVM60(00475390), ref: 00475389
                                      Strings
                                      • +@, xrefs: 004750B1, 004750B4
                                      • When clicked the user is offered the option to restart immediately to see the effect or waiting until next launch., xrefs: 004751FD
                                      • for your program. You need only add 4 lines to your code, xrefs: 00475149
                                      • 3. Add 'ManFst.CommandButton CommandButton1' or any of the other controls possible (See Routines for additional paramaters), xrefs: 004751A3
                                      • 4. Add 'Manfst.Action' to the click event., xrefs: 004751C1
                                      • Please download 'ClsManifestation ver 3' at www.planet-source-code.com for a full description and Demo., xrefs: 0047522A
                                      • That's it. The control will take a caption or icon(if you provide one) indicating either present or alternative appearance., xrefs: 004751DF
                                      • 1. Add 'Public Manfst As New ClsManifestation' to top of any module or form(that loads first), xrefs: 00475167
                                      • ClsManifestation, xrefs: 004750C0, 004752B0
                                      • 2. Add 'ManFst.Manifest' to Sub Form_Initialize() of first form loaded by your program, xrefs: 00475185
                                      • This class allows you to add The option for your XP users to choose between Classic and WindowsXP appearance, xrefs: 0047512B
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Move$Free$List$#595
                                      • String ID: 1. Add 'Public Manfst As New ClsManifestation' to top of any module or form(that loads first)$2. Add 'ManFst.Manifest' to Sub Form_Initialize() of first form loaded by your program$3. Add 'ManFst.CommandButton CommandButton1' or any of the other controls possible (See Routines for additional paramaters)$4. Add 'Manfst.Action' to the click event.$ClsManifestation$Please download 'ClsManifestation ver 3' at www.planet-source-code.com for a full description and Demo.$That's it. The control will take a caption or icon(if you provide one) indicating either present or alternative appearance.$This class allows you to add The option for your XP users to choose between Classic and WindowsXP appearance$When clicked the user is offered the option to restart immediately to see the effect or waiting until next launch.$for your program. You need only add 4 lines to your code$+@
                                      • API String ID: 1715021525-1471418435
                                      • Opcode ID: 2774e6ef196912ed6b0976ab6c15008f47a32242f94f25f8a15463a0b54c190b
                                      • Instruction ID: a6f884413655bb28d45d1c4bed090b647ee3fa2c42087c1d87ce395e265c4136
                                      • Opcode Fuzzy Hash: 2774e6ef196912ed6b0976ab6c15008f47a32242f94f25f8a15463a0b54c190b
                                      • Instruction Fuzzy Hash: D181EAB1D0021CAECB15DFA9CC95EEEBBB9FF88300F20816BE406A6154DB741A45CF65
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 004566B0, Relevance: 93.2, APIs: 51, Strings: 2, Instructions: 406COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaLenBstr.MSVBVM60 ref: 0045670C
                                      • __vbaVarMove.MSVBVM60 ref: 0045673C
                                      • __vbaForEachVar.MSVBVM60(?,?,?,?,?,?), ref: 0045675A
                                      • __vbaStrVarVal.MSVBVM60(?,?,?), ref: 0045677A
                                      • #616.MSVBVM60(00000000), ref: 00456781
                                      • __vbaStrMove.MSVBVM60 ref: 0045678C
                                      • __vbaStrCat.MSVBVM60(0041071C,?,00000000), ref: 0045679A
                                      • __vbaStrMove.MSVBVM60(?,00000000), ref: 004567A5
                                      • __vbaStrCmp.MSVBVM60(00000000,?,00000000), ref: 004567A8
                                      • __vbaFreeStrList.MSVBVM60(00000003,?,?,?,?,00000000), ref: 004567C5
                                      • __vbaNextEachVar.MSVBVM60(?,?,?,?,?), ref: 004567F0
                                      • __vbaStrCat.MSVBVM60(0041071C), ref: 00456808
                                      • __vbaStrMove.MSVBVM60 ref: 00456813
                                      • __vbaStrI4.MSVBVM60(-00000001,00000000), ref: 00456820
                                      • __vbaStrMove.MSVBVM60 ref: 0045682B
                                      • __vbaStrCat.MSVBVM60(00000000), ref: 0045682E
                                      • #717.MSVBVM60(?,?,00000003,00000000), ref: 00456849
                                      • __vbaStrVarMove.MSVBVM60(?), ref: 00456853
                                      • __vbaStrMove.MSVBVM60 ref: 0045685E
                                      • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 0045686A
                                      • __vbaFreeVarList.MSVBVM60(00000002,00000008,?), ref: 0045687A
                                      • __vbaAryUnlock.MSVBVM60(?,004568E5), ref: 004568C5
                                      • __vbaFreeObj.MSVBVM60 ref: 004568CE
                                      • __vbaFreeVar.MSVBVM60 ref: 004568DD
                                      • __vbaFreeVar.MSVBVM60 ref: 004568E2
                                      • __vbaErrorOverflow.MSVBVM60(?), ref: 00456902
                                      • #717.MSVBVM60(?,?,00000003,00000000,?,00000000,00000000), ref: 004569A7
                                      • __vbaVarCat.MSVBVM60(?,?,?,00000004,?,?,?,?,00000000,00000000), ref: 00456A20
                                      • __vbaVarCat.MSVBVM60(?,?,00000000,?,00000000,00000000), ref: 00456A2E
                                      • #595.MSVBVM60(00000000,?,00000000,00000000), ref: 00456A31
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Move$Free$List$#717Each$#595#616BstrErrorNextOverflowUnlock
                                      • String ID: Are you sure you want to delete '$/@
                                      • API String ID: 4150183524-3910526757
                                      • Opcode ID: d8dc975af83ad95981d1efbaed6a9af3b98f07d261df9545eda52bca92ff547b
                                      • Instruction ID: f6d0024a689a92378cfd7c7e60c055c63128026ca36add3fcc23b586bc5effd8
                                      • Opcode Fuzzy Hash: d8dc975af83ad95981d1efbaed6a9af3b98f07d261df9545eda52bca92ff547b
                                      • Instruction Fuzzy Hash: 1BF1EAB1900219AFDB14DFA4DD84EDEBB78FF48700F10815AF506A7260DB746A89CFA4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00448F30, Relevance: 89.6, APIs: 49, Strings: 2, Instructions: 306COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaObjSetAddref.MSVBVM60(?,004497AD), ref: 00448F81
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,0000000B,00000000), ref: 00448F92
                                      • __vbaStrVarMove.MSVBVM60(00000000), ref: 00448F9C
                                      • __vbaStrMove.MSVBVM60 ref: 00448FAD
                                      • __vbaFreeVar.MSVBVM60 ref: 00448FB2
                                      • __vbaInStr.MSVBVM60(00000000,\fs,?,00000001), ref: 00448FCA
                                      • __vbaInStr.MSVBVM60(00000000,0041071C,?,00000000), ref: 00448FD7
                                      • #616.MSVBVM60(?,00000000), ref: 00448FEE
                                      • __vbaStrMove.MSVBVM60 ref: 00448FF9
                                      • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 00449008
                                      • __vbaStrMove.MSVBVM60 ref: 0044900F
                                      • #631.MSVBVM60(?,-00000001,0000000A,00000000), ref: 00449024
                                      • __vbaStrMove.MSVBVM60 ref: 0044902F
                                      • __vbaStrCat.MSVBVM60(00000000), ref: 00449032
                                      • __vbaStrMove.MSVBVM60 ref: 00449039
                                      • __vbaFreeStrList.MSVBVM60(00000003,?,?,?), ref: 00449049
                                      • __vbaFreeVar.MSVBVM60 ref: 00449055
                                      • #713.MSVBVM60(?,00000001), ref: 00449061
                                      • __vbaStrMove.MSVBVM60 ref: 0044906C
                                      • __vbaInStr.MSVBVM60(00000000,00412C2C,00000000), ref: 00449076
                                      • __vbaLenBstr.MSVBVM60(?), ref: 00449082
                                      • __vbaFreeStr.MSVBVM60 ref: 00449097
                                      • #616.MSVBVM60(?,00000000), ref: 004490B0
                                      • __vbaStrMove.MSVBVM60 ref: 004490BB
                                      • __vbaStrCat.MSVBVM60(?,00000000), ref: 004490C4
                                      • __vbaStrMove.MSVBVM60(?,00000000), ref: 004490CB
                                      • #631.MSVBVM60(?,-00000001,0000000A,00000000,?,00000000), ref: 004490E0
                                      • __vbaStrMove.MSVBVM60(?,00000000), ref: 004490EB
                                      • __vbaStrCat.MSVBVM60(00000000,?,00000000), ref: 004490EE
                                      • __vbaStrMove.MSVBVM60(?,00000000), ref: 004490F5
                                      • __vbaFreeStrList.MSVBVM60(00000003,?,?,?,?,00000000), ref: 00449105
                                      • __vbaFreeVar.MSVBVM60 ref: 00449111
                                      • __vbaLateIdSt.MSVBVM60(?,0000000B), ref: 0044913B
                                      • __vbaObjSetAddref.MSVBVM60(?,00000000), ref: 00449147
                                      • __vbaFreeObj.MSVBVM60(00449188), ref: 00449178
                                      • __vbaFreeStr.MSVBVM60 ref: 00449181
                                      • __vbaErrorOverflow.MSVBVM60(0000000A,00000000), ref: 004491A7
                                      • __vbaObjSetAddref.MSVBVM60(004015F0), ref: 00449204
                                      • __vbaObjSetAddref.MSVBVM60(004015EC), ref: 00449214
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,00000013,00000000), ref: 00449234
                                      • __vbaStrVarMove.MSVBVM60(00000000), ref: 0044923E
                                      • __vbaStrMove.MSVBVM60 ref: 00449249
                                      • __vbaStrCopy.MSVBVM60 ref: 00449253
                                      • __vbaFreeStr.MSVBVM60 ref: 0044925C
                                      • __vbaFreeVar.MSVBVM60 ref: 00449265
                                      • __vbaLateIdSt.MSVBVM60(?,00000013), ref: 00449290
                                      • __vbaStrCopy.MSVBVM60 ref: 004492C2
                                      • __vbaFreeStr.MSVBVM60 ref: 004492CB
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,004015B8,00410EB8,00000064), ref: 004492E5
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Move$Free$AddrefLate$#616#631CallCopyList$#713BstrCheckErrorHresultOverflow
                                      • String ID: \fs$/@
                                      • API String ID: 2101015915-1669699610
                                      • Opcode ID: 089f39672fea200a74814f6ccb7c45db4b57a61fe2235a9f6db1586d2ddc3ff7
                                      • Instruction ID: a7b8062bebb2ab3ff4ba797329f1559995f5d4079f0790df9c54f37e10a2ac6c
                                      • Opcode Fuzzy Hash: 089f39672fea200a74814f6ccb7c45db4b57a61fe2235a9f6db1586d2ddc3ff7
                                      • Instruction Fuzzy Hash: 60C10D75D00209AFDB04DFA5DD88EEEBBB9FF88700F10812AE506A7264DB745945CF64
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00468860, Relevance: 87.9, APIs: 48, Strings: 2, Instructions: 382COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaStrCopy.MSVBVM60 ref: 004688D0
                                      • __vbaVarVargNofree.MSVBVM60(?,00000001), ref: 00468901
                                      • __vbaInStrVar.MSVBVM60(?,00000000,00000000), ref: 0046890D
                                      • __vbaI4Var.MSVBVM60(00000000), ref: 00468914
                                      • __vbaFreeVar.MSVBVM60 ref: 0046891F
                                      • __vbaInStr.MSVBVM60(00000000,-00000001,?,-00000001), ref: 00468944
                                      • #616.MSVBVM60(?,-00000001), ref: 0046895B
                                      • __vbaLenBstr.MSVBVM60(?,?), ref: 0046899C
                                      • #631.MSVBVM60(?,00000000), ref: 004689B2
                                      • __vbaVarVargNofree.MSVBVM60(?), ref: 004689CE
                                      • __vbaVarCat.MSVBVM60(?,00000000), ref: 004689DF
                                      • __vbaVarCat.MSVBVM60(?,?,00000000), ref: 004689ED
                                      • __vbaVarCat.MSVBVM60(?,?,00000000), ref: 004689FB
                                      • __vbaVarCat.MSVBVM60(?,?,00000000), ref: 00468A0C
                                      • __vbaStrVarMove.MSVBVM60(00000000), ref: 00468A0F
                                      • __vbaStrMove.MSVBVM60 ref: 00468A1A
                                      • __vbaFreeVarList.MSVBVM60(00000007,?,?,?,0000000A,?,?,?), ref: 00468A44
                                      • __vbaVarVargNofree.MSVBVM60(?,00000001), ref: 00468A7F
                                      • __vbaVarCat.MSVBVM60(?,?,00000000), ref: 00468A91
                                      • __vbaInStrVar.MSVBVM60(?,00000000,00000000), ref: 00468A99
                                      • __vbaBoolVarNull.MSVBVM60(00000000), ref: 00468AA0
                                      • __vbaFreeVarList.MSVBVM60(00000002,?,?), ref: 00468AB6
                                      • __vbaVarVargNofree.MSVBVM60(00412C18,00000001,000000FF,00000000), ref: 00468AF0
                                      • __vbaVarCat.MSVBVM60(?,?,00000000), ref: 00468B02
                                      • __vbaStrVarVal.MSVBVM60(?,00000000), ref: 00468B09
                                      • #712.MSVBVM60(?,00000000), ref: 00468B14
                                      • __vbaStrMove.MSVBVM60 ref: 00468B1F
                                      • __vbaFreeStr.MSVBVM60 ref: 00468B28
                                      • __vbaFreeVar.MSVBVM60 ref: 00468B31
                                      • __vbaLenBstr.MSVBVM60(00000000), ref: 00468B42
                                      • __vbaVarVargNofree.MSVBVM60 ref: 00468B93
                                      • __vbaVarCat.MSVBVM60(?,?,00000000), ref: 00468BAB
                                      • __vbaVarCat.MSVBVM60(?,?,00000000), ref: 00468BB9
                                      • __vbaVarCat.MSVBVM60(?,?,00000000), ref: 00468BC7
                                      • __vbaStrVarMove.MSVBVM60(00000000), ref: 00468BCA
                                      • __vbaStrMove.MSVBVM60 ref: 00468BD5
                                      • __vbaFreeVarList.MSVBVM60(00000003,?,?,?), ref: 00468C79
                                      • __vbaStrCopy.MSVBVM60 ref: 00468C88
                                      • __vbaFreeStr.MSVBVM60(00468CE5), ref: 00468CDE
                                      • __vbaErrorOverflow.MSVBVM60 ref: 00468D02
                                      • __vbaObjSetAddref.MSVBVM60(?), ref: 00468D5B
                                      • __vbaObjSetAddref.MSVBVM60(?), ref: 00468D67
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$MoveNofreeVarg$List$AddrefBstrCopy$#616#631#712BoolErrorNullOverflow
                                      • String ID: X)@$/@
                                      • API String ID: 584523539-1465886360
                                      • Opcode ID: 7820670fc8041119c4d5822196847b2db01d26599919612b76903b62dad89e7a
                                      • Instruction ID: dec395665655440e88d4cb7697dcfa883cbe9bcc6a221dbe7af89c69160a2b19
                                      • Opcode Fuzzy Hash: 7820670fc8041119c4d5822196847b2db01d26599919612b76903b62dad89e7a
                                      • Instruction Fuzzy Hash: 87F1FDB5D00219AFDB54DF94DD84EDEBBB9FF48300F10819AE509A7260DB346989CF64
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00449E50, Relevance: 87.8, APIs: 36, Strings: 14, Instructions: 270COMMON
                                      Download Yara Rule
                                      APIs
                                      • #517.MSVBVM60(00000000), ref: 00449EB1
                                      • __vbaStrMove.MSVBVM60 ref: 00449EC5
                                      • __vbaStrCmp.MSVBVM60(beige,?), ref: 00449ED9
                                      • __vbaStrCmp.MSVBVM60(mauve,?), ref: 00449EFC
                                      • #588.MSVBVM60(000000AF,000000AF,000000AF), ref: 0044A1C9
                                      • __vbaFreeStr.MSVBVM60(0044A217), ref: 0044A210
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$#517#588FreeMove
                                      • String ID: does not exist or is misspelled.$ColourNamed Error$Specified ColourNamed $beige$don't care$dumb luck$gray$grey$limegreen$marigold$mauve$palegreen$pink$random
                                      • API String ID: 1124915815-1695983256
                                      • Opcode ID: 55e15769ee105e493de12878f87e89320e438031f7899f926a9b54b323ec7705
                                      • Instruction ID: 6eefe17a0f2adf5ce72f5b9b0439169dbc4533c26661633732bf101c4b6a89e8
                                      • Opcode Fuzzy Hash: 55e15769ee105e493de12878f87e89320e438031f7899f926a9b54b323ec7705
                                      • Instruction Fuzzy Hash: A2A16E70A80309AFEB10CB95CE45FAEBBB8AF44700F10416BF505A6294DAB45E45CF6A
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00407DAF, Relevance: 86.2, APIs: 46, Strings: 3, Instructions: 415COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaVarVargNofree.MSVBVM60(?,660E6C30,660E6A76), ref: 0045FF43
                                      • __vbaStrErrVarCopy.MSVBVM60(00000000), ref: 0045FF46
                                      • __vbaStrMove.MSVBVM60 ref: 0045FF57
                                      • __vbaFreeStr.MSVBVM60 ref: 0045FF7F
                                      • __vbaStrCopy.MSVBVM60(004605A5), ref: 0045FFCC
                                      • __vbaFreeStr.MSVBVM60 ref: 00460000
                                      • __vbaLenVar.MSVBVM60(?,00000000), ref: 0046004A
                                      • __vbaI4Var.MSVBVM60(00000000), ref: 00460051
                                      • __vbaStrCat.MSVBVM60(\fs,?), ref: 004600A9
                                      • __vbaStrI2.MSVBVM60(00000000,00000000), ref: 004600BE
                                      • __vbaStrCat.MSVBVM60(00000000), ref: 004600CC
                                      • __vbaStrCat.MSVBVM60(0041071C,00000000), ref: 004600DF
                                      • __vbaStrVarVal.MSVBVM60(?,00000000), ref: 00460102
                                      • #631.MSVBVM60(00000000), ref: 00460109
                                      • __vbaStrCat.MSVBVM60(00000000), ref: 00460117
                                      • __vbaFreeStrList.MSVBVM60(00000006,?,?,?,?,?,?), ref: 0046013E
                                      • __vbaFreeVar.MSVBVM60 ref: 0046014A
                                      • __vbaVargVarCopy.MSVBVM60 ref: 00460179
                                      • __vbaInStrVar.MSVBVM60(00000002,00000000,00000008,00000000), ref: 004601AC
                                      • __vbaBoolVarNull.MSVBVM60(00000000), ref: 004601B3
                                      • __vbaFreeVar.MSVBVM60 ref: 004601C2
                                      • __vbaInStrVar.MSVBVM60(00000002,00000000,00000008,00000000), ref: 0046020A
                                      • __vbaVarSub.MSVBVM60(?,00000002,00000000), ref: 0046021C
                                      • __vbaI4Var.MSVBVM60(00000000), ref: 00460223
                                      • __vbaStrVarVal.MSVBVM60(?,00000000), ref: 0046023A
                                      • #616.MSVBVM60(00000000), ref: 00460241
                                      • __vbaFreeStr.MSVBVM60 ref: 00460251
                                      • __vbaFreeVar.MSVBVM60 ref: 0046025A
                                      • __vbaInStrVar.MSVBVM60(00000002,00000000,00000008,00000000), ref: 00460295
                                      • __vbaI4Var.MSVBVM60(00000000), ref: 0046029C
                                      • __vbaStrVarVal.MSVBVM60(?,00000000), ref: 004602B3
                                      • #631.MSVBVM60(00000000), ref: 004602BA
                                      • __vbaFreeStr.MSVBVM60 ref: 004602CA
                                      • __vbaFreeVarList.MSVBVM60(00000002,00000002,0000000A), ref: 0046042E
                                      • __vbaLenBstr.MSVBVM60(?), ref: 0046043B
                                      • __vbaStrCat.MSVBVM60(\fs,?), ref: 00460499
                                      • __vbaStrI2.MSVBVM60(?,00000000), ref: 004604AA
                                      • __vbaStrCat.MSVBVM60(00000000,?,00000000), ref: 004604B8
                                      • __vbaStrCat.MSVBVM60(0041071C,00000000,?,00000000), ref: 004604C7
                                      • __vbaFreeStr.MSVBVM60(004605A5), ref: 00460598
                                      • __vbaFreeStr.MSVBVM60 ref: 0046059D
                                      • __vbaFreeStr.MSVBVM60 ref: 004605A2
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$Copy$#631ListVarg$#616BoolBstrMoveNofreeNull
                                      • String ID: \fs$\tab$~!~!~!*~!
                                      • API String ID: 305348130-2923024438
                                      • Opcode ID: 3aa98e684a606ea6a998b0a274342b4e721f89f84146dcfe34d18b5b321400b9
                                      • Instruction ID: e60e1ceaa6a1435da6e3117dd65bbe5b226ae17d0fc7b4ddfd4683c36fe71a16
                                      • Opcode Fuzzy Hash: 3aa98e684a606ea6a998b0a274342b4e721f89f84146dcfe34d18b5b321400b9
                                      • Instruction Fuzzy Hash: 6A02EEB5900209AFDB04DFA4DD88EEEBBB9FF48300F108159E506E7254EB74A945CF65
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00469140, Relevance: 84.5, APIs: 34, Strings: 14, Instructions: 467COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00410D9C,00000148,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 004691A7
                                      • __vbaSetSystemError.MSVBVM60(?,0000000B,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 004691BA
                                      • __vbaStrCopy.MSVBVM60 ref: 004691F4
                                      • __vbaFreeStr.MSVBVM60 ref: 00469208
                                      • __vbaStrCopy.MSVBVM60 ref: 0046923C
                                      • __vbaFreeStr.MSVBVM60 ref: 00469250
                                      • __vbaStrCopy.MSVBVM60 ref: 00469284
                                      • __vbaFreeStr.MSVBVM60 ref: 00469298
                                      • __vbaStrCopy.MSVBVM60 ref: 004692CC
                                      • __vbaFreeStr.MSVBVM60 ref: 004692E0
                                      • __vbaStrCopy.MSVBVM60 ref: 00469314
                                      • __vbaFreeStr.MSVBVM60 ref: 00469328
                                      • __vbaStrCopy.MSVBVM60 ref: 00469359
                                      • __vbaFreeStr.MSVBVM60 ref: 0046936D
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00410D9C,00000158), ref: 00469396
                                      • __vbaStrCopy.MSVBVM60 ref: 004693D0
                                      • __vbaFreeStr.MSVBVM60 ref: 004693E4
                                      • __vbaStrCopy.MSVBVM60 ref: 00469418
                                      • __vbaFreeStr.MSVBVM60 ref: 0046942C
                                      • __vbaStrCopy.MSVBVM60 ref: 00469460
                                      • __vbaFreeStr.MSVBVM60 ref: 00469474
                                      • __vbaStrCopy.MSVBVM60 ref: 004694A8
                                      • __vbaFreeStr.MSVBVM60 ref: 004694BC
                                      • __vbaStrCopy.MSVBVM60 ref: 004694F0
                                      • __vbaFreeStr.MSVBVM60 ref: 00469504
                                      • __vbaStrCopy.MSVBVM60 ref: 00469538
                                      • __vbaFreeStr.MSVBVM60 ref: 0046954C
                                      • __vbaStrCopy.MSVBVM60 ref: 00469580
                                      • __vbaFreeStr.MSVBVM60 ref: 00469594
                                      • __vbaStrCopy.MSVBVM60 ref: 004695C8
                                      • __vbaFreeStr.MSVBVM60 ref: 004695DC
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00410D9C,000000F4), ref: 00469605
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00410D9C,00000148), ref: 0046962E
                                      • __vbaSetSystemError.MSVBVM60(00000005,0000000B,000000FF,00000000), ref: 00469643
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$CopyFree$CheckHresult$ErrorSystem
                                      • String ID: 100%$150%$200%$25%$250%$300%$350%$400%$450%$50%$500%$75%$80%$90%
                                      • API String ID: 2074092715-453791459
                                      • Opcode ID: 2039a982762ae24a0a3c31c73f4ba1ba6e2b07e02dbaa2840f119e28ca416856
                                      • Instruction ID: 06184291aab2f3ba93644b2aba64f4d2f3f7e48a17d952c7fb99aa6ac4591370
                                      • Opcode Fuzzy Hash: 2039a982762ae24a0a3c31c73f4ba1ba6e2b07e02dbaa2840f119e28ca416856
                                      • Instruction Fuzzy Hash: 8A12C3B090020A9FDB04DF95C999DEEBBB8FF98304F10851DE506B7294E7B4A949CF64
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0044F140, Relevance: 81.0, APIs: 43, Strings: 3, Instructions: 452COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaStrCat.MSVBVM60(004106F8,.?!:), ref: 0044F1D3
                                      • __vbaStrMove.MSVBVM60 ref: 0044F1E0
                                      • __vbaStrCat.MSVBVM60(0041362C,00000000), ref: 0044F1E8
                                      • __vbaStrMove.MSVBVM60 ref: 0044F1EF
                                      • __vbaFreeStr.MSVBVM60 ref: 0044F1FA
                                      • __vbaStrCat.MSVBVM60(004106F8,.?!:), ref: 0044F206
                                      • __vbaStrMove.MSVBVM60 ref: 0044F20D
                                      • __vbaStrCat.MSVBVM60(0041362C,00000000), ref: 0044F215
                                      • __vbaStrMove.MSVBVM60 ref: 0044F21C
                                      • __vbaFreeStr.MSVBVM60 ref: 0044F221
                                      • __vbaStrCopy.MSVBVM60 ref: 0044F234
                                      • __vbaStrCmp.MSVBVM60(00413634,?), ref: 0044F242
                                      • __vbaStrCopy.MSVBVM60 ref: 0044F254
                                      • __vbaStrCopy.MSVBVM60 ref: 0044F25E
                                      • __vbaStrCmp.MSVBVM60(0041363C,?), ref: 0044F26E
                                      • __vbaStrCat.MSVBVM60( ,;,?), ref: 0044F281
                                      • __vbaStrMove.MSVBVM60 ref: 0044F288
                                      • __vbaStrCat.MSVBVM60( ,;,?), ref: 0044F293
                                      • __vbaStrMove.MSVBVM60 ref: 0044F29A
                                      • __vbaObjSetAddref.MSVBVM60(?,?), ref: 0044F2AC
                                      • __vbaLateIdCall.MSVBVM60(?,00000023,00000003), ref: 0044F34F
                                      • __vbaLateIdCall.MSVBVM60(?,00000023,00000003), ref: 0044F3B5
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,00000005,00000000), ref: 0044F3CA
                                      • __vbaI4Var.MSVBVM60(00000000), ref: 0044F3D4
                                      • __vbaLateIdCall.MSVBVM60(?,00000023,00000003), ref: 0044F499
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,00000005,00000000), ref: 0044F4AE
                                      • __vbaI4Var.MSVBVM60(00000000), ref: 0044F4B8
                                      • __vbaLateIdSt.MSVBVM60(?,00000005), ref: 0044F4E8
                                      • __vbaFreeVar.MSVBVM60 ref: 0044F4F1
                                      • __vbaObjSetAddref.MSVBVM60(?,00000000), ref: 0044F501
                                      • __vbaFreeStr.MSVBVM60(0044F546), ref: 0044F52D
                                      • __vbaFreeObj.MSVBVM60 ref: 0044F535
                                      • __vbaFreeStr.MSVBVM60 ref: 0044F53E
                                      • __vbaFreeStr.MSVBVM60 ref: 0044F543
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$LateMove$Call$Copy$Addref
                                      • String ID: ,;$.?!:$/@
                                      • API String ID: 2717733725-634938534
                                      • Opcode ID: 3648669b5eaf888c5e1ae5d7bfaed09e5a2d0f8dabe96a929b921f2301b8d9b9
                                      • Instruction ID: 1477513a49d1331f9142407b0927297541114f0f9135a1bb3971d5fb04346bc4
                                      • Opcode Fuzzy Hash: 3648669b5eaf888c5e1ae5d7bfaed09e5a2d0f8dabe96a929b921f2301b8d9b9
                                      • Instruction Fuzzy Hash: 8B025170E002099FDB14DF69C985AAEFBB5FF48300F10816AE509EB391DB759946CF94
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 004460D0, Relevance: 80.9, APIs: 37, Strings: 9, Instructions: 358COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaObjSetAddref.MSVBVM60(?,?), ref: 00446147
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00410E88,00000044), ref: 0044616C
                                      • __vbaStrMove.MSVBVM60 ref: 0044617E
                                      • __vbaStrCmp.MSVBVM60(bold,?), ref: 00446196
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 004461B3
                                      • __vbaLateIdCallLd.MSVBVM60(?,00000000), ref: 004461BA
                                      • __vbaVarNot.MSVBVM60(?,00000000), ref: 004461C8
                                      • __vbaStrCmp.MSVBVM60(italic,?), ref: 004461F9
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 0044621A
                                      • __vbaLateIdCallLd.MSVBVM60(?,00000000), ref: 00446221
                                      • __vbaVarNot.MSVBVM60(?,00000000), ref: 0044622F
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 00446260
                                      • __vbaLateIdSt.MSVBVM60(00000000), ref: 00446263
                                      • __vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 00446273
                                      • __vbaFreeVar.MSVBVM60 ref: 0044627F
                                      • __vbaStrCmp.MSVBVM60(underline,?), ref: 00446296
                                      • __vbaNew2.MSVBVM60(00406DD0,00482024), ref: 004462B4
                                      • __vbaNew2.MSVBVM60(00406DD0,00482024), ref: 004462D0
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00410EB8,00000048), ref: 004462F5
                                      • __vbaStrMove.MSVBVM60 ref: 00446304
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00410EB8,000000C4), ref: 00446330
                                      • __vbaFreeStr.MSVBVM60 ref: 00446339
                                      • __vbaStrCmp.MSVBVM60(fontincrease,?), ref: 00446350
                                      • __vbaNew2.MSVBVM60(00407470,00482028), ref: 00446368
                                      • __vbaStrCmp.MSVBVM60(fontdecrease,?), ref: 004463AD
                                      • __vbaNew2.MSVBVM60(00407470,00482028), ref: 004463C5
                                      • __vbaStrCmp.MSVBVM60(restore,?), ref: 00446406
                                      • __vbaNew2.MSVBVM60(00406DD0,00482024), ref: 0044641E
                                      • __vbaStrCmp.MSVBVM60(activeupdate,?), ref: 00446458
                                      • __vbaStrCmp.MSVBVM60(manifest,?), ref: 00446478
                                      • __vbaVarDup.MSVBVM60(?), ref: 004464C9
                                      • #595.MSVBVM60(?,00000000,?,?,?), ref: 004464E0
                                      • __vbaFreeVarList.MSVBVM60(00000004,?,?,?,?), ref: 004464F8
                                      • __vbaNew2.MSVBVM60(00406514,00482034,?), ref: 00446515
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00411D10,00000020), ref: 00446536
                                      • __vbaFreeStr.MSVBVM60(00446598), ref: 00446588
                                      • __vbaFreeObj.MSVBVM60 ref: 00446591
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$FreeNew2$CheckHresult$Late$CallListMove$#595Addref
                                      • String ID: Changing the manifest only works with compiled program$activeupdate$bold$fontdecrease$fontincrease$italic$manifest$restore$underline
                                      • API String ID: 205260863-1930461971
                                      • Opcode ID: 6af0621de59f7882f43b37024f068ac2def7ce8dd9c843c493ba9f350aeb2d92
                                      • Instruction ID: 4fb4dbc3809a168bdb3c370d23628e8bf7e944a4e1055dc9dcd5ffb53a0c3e1f
                                      • Opcode Fuzzy Hash: 6af0621de59f7882f43b37024f068ac2def7ce8dd9c843c493ba9f350aeb2d92
                                      • Instruction Fuzzy Hash: 8AD1A0B0900209EFEB10DF94DD84EAEBBB4FF49704F11816AE505A72A0D7749986CF69
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0045BB60, Relevance: 79.0, APIs: 43, Strings: 2, Instructions: 262COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaVarDup.MSVBVM60 ref: 0045BBCE
                                      • __vbaStrVarVal.MSVBVM60(?,?,?,000000FF,00000000), ref: 0045BBE9
                                      • #711.MSVBVM60(?,00000000), ref: 0045BBF0
                                      • __vbaVarMove.MSVBVM60 ref: 0045BBFC
                                      • __vbaFreeStr.MSVBVM60 ref: 0045BC0B
                                      • __vbaFreeVarList.MSVBVM60(00000002,?,?), ref: 0045BC17
                                      • __vbaVarIndexLoad.MSVBVM60(?,?,00000001,00000002), ref: 0045BC51
                                      • __vbaStrVarVal.MSVBVM60(?,00000000), ref: 0045BC5B
                                      • #581.MSVBVM60(00000000), ref: 0045BC5E
                                      • __vbaFpI2.MSVBVM60 ref: 0045BC64
                                      • __vbaFreeStr.MSVBVM60 ref: 0045BC73
                                      • __vbaFreeVar.MSVBVM60 ref: 0045BC78
                                      • __vbaVarIndexLoad.MSVBVM60(?,?,00000001), ref: 0045BCAB
                                      • __vbaStrVarVal.MSVBVM60(?,00000000), ref: 0045BCB5
                                      • #581.MSVBVM60(00000000), ref: 0045BCB8
                                      • __vbaFpI2.MSVBVM60 ref: 0045BCBE
                                      • __vbaFreeStr.MSVBVM60 ref: 0045BCCD
                                      • __vbaFreeVar.MSVBVM60 ref: 0045BCD2
                                      • __vbaVarIndexLoad.MSVBVM60(?,?,00000001), ref: 0045BD08
                                      • __vbaStrVarVal.MSVBVM60(?,00000000), ref: 0045BD12
                                      • #581.MSVBVM60(00000000), ref: 0045BD15
                                      • __vbaFpI2.MSVBVM60 ref: 0045BD1B
                                      • __vbaFreeStr.MSVBVM60 ref: 0045BD2A
                                      • __vbaFreeVar.MSVBVM60 ref: 0045BD2F
                                      • __vbaVarIndexLoad.MSVBVM60(?,?,00000001), ref: 0045BD65
                                      • __vbaStrVarVal.MSVBVM60(?,00000000), ref: 0045BD6F
                                      • #581.MSVBVM60(00000000), ref: 0045BD72
                                      • __vbaFpI2.MSVBVM60 ref: 0045BD78
                                      • __vbaFreeStr.MSVBVM60 ref: 0045BD87
                                      • __vbaFreeVar.MSVBVM60 ref: 0045BD8C
                                      • __vbaVarIndexLoad.MSVBVM60(?,?,00000001), ref: 0045BDC2
                                      • __vbaStrVarVal.MSVBVM60(?,00000000), ref: 0045BDCC
                                      • #581.MSVBVM60(00000000), ref: 0045BDCF
                                      • __vbaFpI2.MSVBVM60 ref: 0045BDD5
                                      • __vbaFreeStr.MSVBVM60 ref: 0045BDE4
                                      • __vbaFreeVar.MSVBVM60 ref: 0045BDE9
                                      • __vbaVarIndexLoad.MSVBVM60(?,?,00000001), ref: 0045BE1F
                                      • __vbaStrVarVal.MSVBVM60(?,00000000), ref: 0045BE29
                                      • #581.MSVBVM60(00000000), ref: 0045BE2C
                                      • __vbaFpCDblR8.MSVBVM60 ref: 0045BE32
                                      • __vbaFreeStr.MSVBVM60 ref: 0045BE40
                                      • __vbaFreeVar.MSVBVM60 ref: 0045BE45
                                      • __vbaFreeVar.MSVBVM60(0045BE7E), ref: 0045BE77
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$#581IndexLoad$#711ListMove
                                      • String ID: !@$/@
                                      • API String ID: 1701577042-3485588704
                                      • Opcode ID: 4a1d8076e3e8104cd11da8773a002e71b782d3fca5bbffeb51ea8a28fce85fc4
                                      • Instruction ID: cb31d3e611219ee72bdefdbac2d0ba714e143536d88851d5ea183e83c914a3f1
                                      • Opcode Fuzzy Hash: 4a1d8076e3e8104cd11da8773a002e71b782d3fca5bbffeb51ea8a28fce85fc4
                                      • Instruction Fuzzy Hash: D3B1EEB5D002099FDB04EFA8D9889DDFFB8FF48300F14866AE806AB255DB749985CF54
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0044ED10, Relevance: 78.9, APIs: 19, Strings: 26, Instructions: 156COMMON
                                      Download Yara Rule
                                      APIs
                                      • #517.MSVBVM60(?,?,?,?,?,?,?,00402FE6), ref: 0044ED58
                                      • __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,00402FE6), ref: 0044ED63
                                      • __vbaStrCmp.MSVBVM60(you,?,?,?,?,?,?,?,?,00402FE6), ref: 0044ED78
                                      • __vbaStrCmp.MSVBVM60(might,?,?,?,?,?,?,?,?,00402FE6), ref: 0044ED91
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,00402FE6), ref: 0044EED3
                                      • __vbaFreeStr.MSVBVM60(0044EEF4,?,?,?,?,?,?,?,00402FE6), ref: 0044EEED
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$#517CopyFreeMove
                                      • String ID: Anda$NO TRANSLATION$bahasa$bi-lingual$dwi$dwi-bahasa$for$instan$instant$lingual$memakai$might$mungkin$nya$program-program$programs$sebagai$sesuatu$sistem$system$terjemahkan$translation$untuk$use$you$/@
                                      • API String ID: 3050005471-221186668
                                      • Opcode ID: 228a5a3531410d3c9e5b6ee548ba634ac6220cb19822664aa151442cc84eb598
                                      • Instruction ID: e2b33880463ecdd442cadf0af0b7aad61472c5483b65640c9b8809a1fed5dbd8
                                      • Opcode Fuzzy Hash: 228a5a3531410d3c9e5b6ee548ba634ac6220cb19822664aa151442cc84eb598
                                      • Instruction Fuzzy Hash: 18513470E0021AEBAB109F96DD41DBB7A6AFB54B41B30C127A81197244D77CDD438BAE
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0044B130, Relevance: 77.3, APIs: 43, Strings: 1, Instructions: 332COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaVarDup.MSVBVM60 ref: 0044B196
                                      • #711.MSVBVM60(?,?,?,000000FF,00000000), ref: 0044B1AD
                                      • __vbaVarMove.MSVBVM60(?,?,000000FF,00000000), ref: 0044B1B9
                                      • __vbaFreeVar.MSVBVM60(?,?,000000FF,00000000), ref: 0044B1C2
                                      • __vbaRefVarAry.MSVBVM60(?,?,?,000000FF,00000000), ref: 0044B1D2
                                      • __vbaUbound.MSVBVM60(00000001,?,?,?,000000FF,00000000), ref: 0044B1D9
                                      • __vbaI2I4.MSVBVM60(?,?,?,000000FF,00000000), ref: 0044B1E7
                                      • __vbaRefVarAry.MSVBVM60(?,?,?,?,000000FF,00000000), ref: 0044B1F3
                                      • __vbaLbound.MSVBVM60(00000001,?,?,?,?,000000FF,00000000), ref: 0044B1FA
                                      • __vbaI2I4.MSVBVM60(?,?,?,?,000000FF,00000000), ref: 0044B202
                                      • __vbaVarIndexLoad.MSVBVM60(?,?,00000001,00000000), ref: 0044B24B
                                      • __vbaStrVarMove.MSVBVM60(00000000), ref: 0044B255
                                      • __vbaStrMove.MSVBVM60 ref: 0044B260
                                      • __vbaFreeVar.MSVBVM60 ref: 0044B265
                                      • __vbaLenBstr.MSVBVM60(00000000), ref: 0044B26E
                                      • __vbaStrCat.MSVBVM60(?,00412B64,-00000001), ref: 0044B28D
                                      • __vbaStrMove.MSVBVM60 ref: 0044B294
                                      • __vbaStrCat.MSVBVM60(0041071C,00000000), ref: 0044B29C
                                      • __vbaStrMove.MSVBVM60 ref: 0044B2A3
                                      • #616.MSVBVM60(00000000), ref: 0044B2A6
                                      • __vbaStrMove.MSVBVM60 ref: 0044B2B1
                                      • __vbaStrCat.MSVBVM60(0041071C,?,00000000), ref: 0044B2BC
                                      • __vbaStrMove.MSVBVM60(?,00000000), ref: 0044B2C3
                                      • __vbaStrCmp.MSVBVM60(00000000,?,00000000), ref: 0044B2C6
                                      • __vbaFreeStrList.MSVBVM60(00000004,?,?,?,?,?,00000000), ref: 0044B2E7
                                      • #631.MSVBVM60(?,00000002,?), ref: 0044B310
                                      • __vbaStrMove.MSVBVM60(?,00000002,?), ref: 0044B31B
                                      • __vbaStrMove.MSVBVM60(00412C18,00000001,000000FF,00000000,?,00000002,?), ref: 0044B335
                                      • #712.MSVBVM60(?,00000000,?,00000002,?), ref: 0044B33C
                                      • __vbaStrMove.MSVBVM60(?,00000002,?), ref: 0044B347
                                      • __vbaFreeStrList.MSVBVM60(00000002,?,00000000,?,00000002,?), ref: 0044B353
                                      • __vbaFreeVar.MSVBVM60 ref: 0044B35F
                                      • __vbaVarIndexLoadRefLock.MSVBVM60(0000000A,?,?,00000001), ref: 0044B397
                                      • __vbaAryUnlock.MSVBVM60(?), ref: 0044B3C6
                                      • __vbaVarIndexStore.MSVBVM60(?,00000001), ref: 0044B407
                                      • __vbaFreeVarList.MSVBVM60(00000002,0000000A,?), ref: 0044B417
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,000000FF,00000000), ref: 0044B441
                                      • __vbaStrMove.MSVBVM60(?,?,?,?,000000FF,00000000), ref: 0044B468
                                      • __vbaFreeStr.MSVBVM60(?,?,?,?,000000FF,00000000), ref: 0044B46D
                                      • __vbaFreeStr.MSVBVM60(0044B4CA,?,?,?,?,000000FF,00000000), ref: 0044B4B9
                                      • __vbaFreeStr.MSVBVM60(?,?,?,?,000000FF,00000000), ref: 0044B4BE
                                      • __vbaFreeVar.MSVBVM60(?,?,?,?,000000FF,00000000), ref: 0044B4C3
                                      • __vbaErrorOverflow.MSVBVM60 ref: 0044B4DF
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Move$Free$IndexList$Load$#616#631#711#712BstrCopyErrorLboundLockOverflowStoreUboundUnlock
                                      • String ID: /@
                                      • API String ID: 1451575073-2163338593
                                      • Opcode ID: 9b8a9de0e6fbe67aca1bac24335690de0aa3d5b321f5913dec0b090eb757379a
                                      • Instruction ID: 69874dffa4c7b05f4289d7d5288d8d93f43e350b3dc6ce8ae28a0fc3b8deda1a
                                      • Opcode Fuzzy Hash: 9b8a9de0e6fbe67aca1bac24335690de0aa3d5b321f5913dec0b090eb757379a
                                      • Instruction Fuzzy Hash: 19D11CB5D00209AFDB04DFA4DD85AEEFBB9FF48300F10812AE506A7264DB746945CF94
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00467190, Relevance: 77.3, APIs: 34, Strings: 10, Instructions: 280COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaVarLateMemCallLd.MSVBVM60(?,/@,Description,00000000), ref: 0046724D
                                      • __vbaStrVarMove.MSVBVM60(00000000), ref: 00467257
                                      • __vbaStrMove.MSVBVM60 ref: 00467262
                                      • __vbaFreeVar.MSVBVM60 ref: 00467271
                                      • __vbaVarLateMemCallLd.MSVBVM60(?,/@,Description,00000000), ref: 00467292
                                      • __vbaVarTstEq.MSVBVM60(00008008,00000000), ref: 004672A3
                                      • __vbaFreeVar.MSVBVM60 ref: 004672AE
                                      • __vbaObjIs.MSVBVM60(?,00000000), ref: 004672C7
                                      • __vbaStrCopy.MSVBVM60 ref: 004672D6
                                      • __vbaObjIs.MSVBVM60(?,00000000), ref: 004672E1
                                      • __vbaStrCopy.MSVBVM60 ref: 004672F0
                                      • __vbaVarDup.MSVBVM60 ref: 0046734C
                                      • __vbaVarDup.MSVBVM60 ref: 00467367
                                      • __vbaLenBstr.MSVBVM60(?), ref: 00467373
                                      • __vbaLenBstr.MSVBVM60(?), ref: 00467381
                                      • #681.MSVBVM60(?,?,?,?), ref: 004673AB
                                      • __vbaVarLateMemCallLd.MSVBVM60(?,/@,Description,00000000), ref: 004673FE
                                      • __vbaVarCat.MSVBVM60(?,00008008,00000000), ref: 00467419
                                      • __vbaVarCat.MSVBVM60(?,?,00000000), ref: 00467427
                                      • __vbaVarCat.MSVBVM60(?,?,00000000), ref: 00467435
                                      • __vbaVarCat.MSVBVM60(?,?,00000000), ref: 00467446
                                      • __vbaVarCat.MSVBVM60(?,?,00000000), ref: 00467457
                                      • __vbaVarCat.MSVBVM60(?,?,00000000), ref: 00467468
                                      • __vbaVarCat.MSVBVM60(?,?,00000000), ref: 00467479
                                      • __vbaVarCat.MSVBVM60(?,?,00000000), ref: 0046748A
                                      • __vbaStrVarMove.MSVBVM60(00000000), ref: 0046748D
                                      • __vbaStrMove.MSVBVM60 ref: 00467498
                                      • __vbaFreeVarList.MSVBVM60(0000000D,?,?,?,00000003,?,?,?,?,?,?,?,?,?), ref: 004674E9
                                      • __vbaVarDup.MSVBVM60 ref: 00467528
                                      • #595.MSVBVM60(?,00000000,?,?,?), ref: 00467555
                                      • __vbaFreeVarList.MSVBVM60(00000003,?,?,?), ref: 00467569
                                      • __vbaFreeStr.MSVBVM60(004675E4), ref: 004675D7
                                      • __vbaFreeStr.MSVBVM60 ref: 004675DC
                                      • __vbaFreeStr.MSVBVM60 ref: 004675E1
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$Move$CallLate$BstrCopyList$#595#681
                                      • String ID: and a $ using$'MyHigh.AssignControls RichTextBox1, CommonDialog1'$ClsAPIHighlight$CommonDialog$Description$Object variable or With block variable not set$RichTextBox$You need to assign a $/@
                                      • API String ID: 3390983327-726308618
                                      • Opcode ID: d3bf1512cdfdd99a77a384427e4e6f6a2bd8f42640daa085caeccf04d4747c04
                                      • Instruction ID: 54580c2115d04db52088d2f10ba456310cd2ba40e2a5314eca136d92fc14143a
                                      • Opcode Fuzzy Hash: d3bf1512cdfdd99a77a384427e4e6f6a2bd8f42640daa085caeccf04d4747c04
                                      • Instruction Fuzzy Hash: C0C1C8B1C002199FDB24DF95DD84AEEFBB8EF98300F00C59AE519B7250DA745A85CFA4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00449940, Relevance: 75.6, APIs: 42, Strings: 1, Instructions: 400COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaObjSetAddref.MSVBVM60(?,?), ref: 00449982
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,00000008,00000000), ref: 004499AD
                                      • __vbaI4Var.MSVBVM60(00000000), ref: 004499B3
                                      • __vbaFreeVar.MSVBVM60 ref: 004499BE
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,00000005,00000000), ref: 004499D0
                                      • __vbaI4Var.MSVBVM60(00000000), ref: 004499D6
                                      • __vbaFreeVar.MSVBVM60 ref: 004499E1
                                      • __vbaRedim.MSVBVM60(00000080,00000004,?,00000003,00000001,00000000,00000000), ref: 00449A09
                                      • __vbaUbound.MSVBVM60(00000001,?), ref: 00449A18
                                      • __vbaI2I4.MSVBVM60 ref: 00449A26
                                      • __vbaLbound.MSVBVM60(00000001,?), ref: 00449A31
                                      • __vbaI2I4.MSVBVM60 ref: 00449A39
                                      • __vbaLateIdSt.MSVBVM60(?,00000008), ref: 00449A6C
                                      • __vbaLateIdSt.MSVBVM60(?,00000005), ref: 00449A95
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 00449ABD
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 00449AC8
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,0000000D,00000000), ref: 00449ADC
                                      • __vbaI4Var.MSVBVM60(00000000), ref: 00449AE6
                                      • __vbaFreeVar.MSVBVM60 ref: 00449AF8
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 00449B16
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 00449B25
                                      • __vbaLateIdSt.MSVBVM60(?,0000000D), ref: 00449B52
                                      • __vbaObjSetAddref.MSVBVM60(?,00000000), ref: 00449B85
                                      • __vbaFreeObj.MSVBVM60(00449BA6), ref: 00449B9F
                                      • __vbaErrorOverflow.MSVBVM60 ref: 00449BBB
                                      • __vbaI2Abs.MSVBVM60(?,?), ref: 00449C1F
                                      • __vbaI2Abs.MSVBVM60(?,?), ref: 00449C3A
                                      • __vbaI2Abs.MSVBVM60(?,?), ref: 00449C5D
                                      • __vbaFpI4.MSVBVM60(?,?), ref: 00449CCA
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Late$Error$BoundsFreeGenerate$Call$Addref$LboundOverflowRedimUbound
                                      • String ID: /@
                                      • API String ID: 3250974266-2163338593
                                      • Opcode ID: cb984ed12a855462aeafca542ba6cf3e694896b3e6703688555b580926449df9
                                      • Instruction ID: 0a5b7303e757ea93163b1799ea9e36c23767ba1bceef3c7694d88388071ca97a
                                      • Opcode Fuzzy Hash: cb984ed12a855462aeafca542ba6cf3e694896b3e6703688555b580926449df9
                                      • Instruction Fuzzy Hash: 4BD1C5749003069FD704EFA8D988BAFBBB4FF88700F10856AF505AB350D7759885DBA5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0045C5B0, Relevance: 75.6, APIs: 42, Strings: 1, Instructions: 345COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaObjSetAddref.MSVBVM60(?,?), ref: 0045C619
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,FFFFFDFB,00000000), ref: 0045C650
                                      • __vbaStrVarMove.MSVBVM60(00000000), ref: 0045C656
                                      • __vbaStrMove.MSVBVM60 ref: 0045C661
                                      • __vbaLenBstr.MSVBVM60(00000000), ref: 0045C668
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,00000005,00000000), ref: 0045C684
                                      • __vbaI4Var.MSVBVM60(00000000), ref: 0045C68A
                                      • __vbaFreeStr.MSVBVM60 ref: 0045C6A4
                                      • __vbaFreeVarList.MSVBVM60(00000002,?,?), ref: 0045C6B4
                                      • __vbaLateIdSt.MSVBVM60(?,00000005), ref: 0045C6EC
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,00000005,00000000), ref: 0045C708
                                      • __vbaI4Var.MSVBVM60(00000000), ref: 0045C712
                                      • __vbaFreeVar.MSVBVM60 ref: 0045C729
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,00000009,00000000), ref: 0045C748
                                      • __vbaStrVarMove.MSVBVM60(00000000), ref: 0045C752
                                      • __vbaLateIdSt.MSVBVM60(?,0000000B), ref: 0045C782
                                      • __vbaFreeVarList.MSVBVM60(00000002,?,?), ref: 0045C78E
                                      • __vbaLateIdSt.MSVBVM60(?,00000016), ref: 0045C7C0
                                      • __vbaLateIdSt.MSVBVM60(?,00000008), ref: 0045C7E5
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,FFFFFDFB,00000000), ref: 0045C7F9
                                      • __vbaStrVarMove.MSVBVM60(00000000), ref: 0045C803
                                      • __vbaStrMove.MSVBVM60 ref: 0045C80E
                                      • __vbaLenBstr.MSVBVM60(00000000), ref: 0045C815
                                      • __vbaLateIdSt.MSVBVM60(?,00000005), ref: 0045C83C
                                      • __vbaFreeStr.MSVBVM60 ref: 0045C841
                                      • __vbaFreeVar.MSVBVM60 ref: 0045C84A
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,00000009,00000000), ref: 0045C85F
                                      • __vbaStrVarMove.MSVBVM60(00000000), ref: 0045C869
                                      • __vbaLateIdSt.MSVBVM60(?,0000000B), ref: 0045C899
                                      • __vbaFreeVarList.MSVBVM60(00000002,?,?), ref: 0045C8A5
                                      • __vbaLateIdSt.MSVBVM60(?,00000016,0000000B), ref: 0045C8CC
                                      • #523.MSVBVM60(?), ref: 0045C8E5
                                      • __vbaVarIndexStore.MSVBVM60(?,00000001), ref: 0045C92C
                                      • __vbaFreeVar.MSVBVM60 ref: 0045C938
                                      • __vbaStrCopy.MSVBVM60 ref: 0045C946
                                      • __vbaStrCat.MSVBVM60(?,?), ref: 0045C969
                                      • __vbaStrMove.MSVBVM60 ref: 0045C974
                                      • __vbaFreeStrList.MSVBVM60(00000003,?,?,?), ref: 0045C995
                                      • __vbaObjSetAddref.MSVBVM60(?,00000000), ref: 0045C9C1
                                      • __vbaFreeObj.MSVBVM60(0045CA15), ref: 0045C9FC
                                      • __vbaFreeVar.MSVBVM60 ref: 0045CA05
                                      • __vbaFreeStr.MSVBVM60 ref: 0045CA0E
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Late$Free$Move$Call$List$AddrefBstr$#523CopyIndexStore
                                      • String ID: `!@
                                      • API String ID: 636192309-1305822785
                                      • Opcode ID: 69777ded777363ae8fef89068c9cecf9e233e14a72f47e07410472cbfbc5c347
                                      • Instruction ID: 9c64b51c192b1bf9cf74932c5a3bf31c5ad0bc5a790dc85fb290211c7837c2f3
                                      • Opcode Fuzzy Hash: 69777ded777363ae8fef89068c9cecf9e233e14a72f47e07410472cbfbc5c347
                                      • Instruction Fuzzy Hash: BFE10DB09002099FDB04DFA8DD89FAEFBB4FF48300F1486A9E509A7295DB749985CF54
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 004079C6, Relevance: 75.5, APIs: 34, Strings: 9, Instructions: 281COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaVarLateMemCallLd.MSVBVM60(?,?,Description,00000000,?,00401D70,00000000), ref: 00455D5D
                                      • __vbaStrVarMove.MSVBVM60(00000000), ref: 00455D67
                                      • __vbaStrMove.MSVBVM60 ref: 00455D72
                                      • __vbaFreeVar.MSVBVM60 ref: 00455D81
                                      • __vbaVarLateMemCallLd.MSVBVM60(?,?,Description,00000000), ref: 00455DA2
                                      • __vbaVarTstEq.MSVBVM60(00008008,00000000), ref: 00455DB3
                                      • __vbaFreeVar.MSVBVM60 ref: 00455DBE
                                      • __vbaObjIs.MSVBVM60(?,00000000), ref: 00455DD7
                                      • __vbaStrCopy.MSVBVM60 ref: 00455DE6
                                      • __vbaObjIs.MSVBVM60(?,00000000), ref: 00455DF1
                                      • __vbaStrCopy.MSVBVM60 ref: 00455E00
                                      • __vbaVarDup.MSVBVM60 ref: 00455E5C
                                      • __vbaVarDup.MSVBVM60 ref: 00455E77
                                      • __vbaLenBstr.MSVBVM60(?), ref: 00455E83
                                      • __vbaLenBstr.MSVBVM60(?), ref: 00455E91
                                      • #681.MSVBVM60(?,?,?,?), ref: 00455EBB
                                      • __vbaVarLateMemCallLd.MSVBVM60(?,?,Description,00000000), ref: 00455F0E
                                      • __vbaVarCat.MSVBVM60(?,00008008,00000000), ref: 00455F29
                                      • __vbaVarCat.MSVBVM60(?,?,00000000), ref: 00455F37
                                      • __vbaVarCat.MSVBVM60(?,?,00000000), ref: 00455F45
                                      • __vbaVarCat.MSVBVM60(?,?,00000000), ref: 00455F56
                                      • __vbaVarCat.MSVBVM60(?,?,00000000), ref: 00455F67
                                      • __vbaVarCat.MSVBVM60(?,?,00000000), ref: 00455F78
                                      • __vbaVarCat.MSVBVM60(?,?,00000000), ref: 00455F89
                                      • __vbaVarCat.MSVBVM60(?,?,00000000), ref: 00455F9A
                                      • __vbaStrVarMove.MSVBVM60(00000000), ref: 00455F9D
                                      • __vbaStrMove.MSVBVM60 ref: 00455FA8
                                      • __vbaFreeVarList.MSVBVM60(0000000D,?,?,?,00000003,?,?,?,?,?,?,?,?,?), ref: 00455FF9
                                      • __vbaVarDup.MSVBVM60 ref: 00456038
                                      • #595.MSVBVM60(?,00000000,?,?,?), ref: 00456065
                                      • __vbaFreeVarList.MSVBVM60(00000003,?,?,?), ref: 00456079
                                      • __vbaFreeStr.MSVBVM60(004560F4), ref: 004560E7
                                      • __vbaFreeStr.MSVBVM60 ref: 004560EC
                                      • __vbaFreeStr.MSVBVM60 ref: 004560F1
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$Move$CallLate$BstrCopyList$#595#681
                                      • String ID: and a $ using$'MyHigh.AssignControls RichTextBox1, CommonDialog1'$ClsAPIHighlight$CommonDialog$Description$Object variable or With block variable not set$RichTextBox$You need to assign a
                                      • API String ID: 3390983327-546672919
                                      • Opcode ID: ae1f6bbb93f607d20efa0b069f96377f5a4d8c49aea3698c848e54a3f7c00375
                                      • Instruction ID: 78eca483f9893a4f6098f9c506ba3b585686ba115864f6c35bc1874b7aef5179
                                      • Opcode Fuzzy Hash: ae1f6bbb93f607d20efa0b069f96377f5a4d8c49aea3698c848e54a3f7c00375
                                      • Instruction Fuzzy Hash: 54C1B7B1C002199FDB24CF95DD44AEEFBB8EF58300F00C19AE519B7250DA745A89CFA4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 004545B0, Relevance: 73.9, APIs: 40, Strings: 2, Instructions: 389COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaStrCopy.MSVBVM60 ref: 0045465D
                                      • #710.MSVBVM60(?,?), ref: 00454679
                                      • __vbaStrMove.MSVBVM60 ref: 0045468A
                                      • __vbaFreeStr.MSVBVM60 ref: 004546C9
                                      • __vbaFreeVarList.MSVBVM60(00000002,0000000A,00000008), ref: 004546D9
                                      • __vbaRefVarAry.MSVBVM60(?), ref: 004546EE
                                      • __vbaUbound.MSVBVM60(00000001), ref: 004546F9
                                      • __vbaRefVarAry.MSVBVM60(?), ref: 00454709
                                      • __vbaLbound.MSVBVM60(00000001), ref: 00454714
                                      • __vbaVarIndexLoad.MSVBVM60(0000000A,?,00000001), ref: 00454751
                                      • __vbaStrVarMove.MSVBVM60(00000000), ref: 0045475B
                                      • __vbaStrMove.MSVBVM60 ref: 00454766
                                      • __vbaFreeVar.MSVBVM60 ref: 0045476B
                                      • __vbaInStr.MSVBVM60(00000000,?,?,00000001), ref: 0045477D
                                      • __vbaStrCat.MSVBVM60(0041309C,?,00000001,000000FF,00000000), ref: 00454796
                                      • __vbaStrMove.MSVBVM60 ref: 004547A1
                                      • __vbaStrI4.MSVBVM60(FFFFFFFF,?,00000000), ref: 004547A9
                                      • __vbaStrMove.MSVBVM60 ref: 004547B4
                                      • __vbaStrCat.MSVBVM60(00000000), ref: 004547B7
                                      • __vbaStrMove.MSVBVM60 ref: 004547C2
                                      • #712.MSVBVM60(?,00000000), ref: 004547C9
                                      • __vbaStrMove.MSVBVM60 ref: 004547D4
                                      • __vbaFreeStrList.MSVBVM60(00000003,?,?,?), ref: 004547E4
                                      • __vbaVarIndexLoadRefLock.MSVBVM60(0000000A,?,?,00000001), ref: 0045482A
                                      • __vbaAryUnlock.MSVBVM60(?), ref: 0045485C
                                      • __vbaVarIndexStore.MSVBVM60(?,00000001), ref: 004548A6
                                      • __vbaFreeVarList.MSVBVM60(00000002,0000000A,00000008), ref: 004548B6
                                      • __vbaStrCopy.MSVBVM60 ref: 004548E2
                                      • #519.MSVBVM60(?), ref: 00454901
                                      • __vbaStrMove.MSVBVM60 ref: 0045490C
                                      • __vbaStrCat.MSVBVM60(?,00000000), ref: 00454913
                                      • __vbaStrMove.MSVBVM60 ref: 0045491E
                                      • __vbaFreeStrList.MSVBVM60(00000004,?,?,?,?), ref: 0045493F
                                      • __vbaFreeVar.MSVBVM60(004549BE), ref: 004549A2
                                      • __vbaFreeStr.MSVBVM60 ref: 004549B1
                                      • __vbaFreeStr.MSVBVM60 ref: 004549B6
                                      • __vbaFreeStr.MSVBVM60 ref: 004549BB
                                      • __vbaErrorOverflow.MSVBVM60 ref: 004549DD
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00401CD8,00411700,00000040), ref: 00454A48
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00401CD8,00411700,00000040), ref: 00454A68
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$Move$List$Index$CheckCopyHresultLoad$#519#710#712ErrorLboundLockOverflowStoreUboundUnlock
                                      • String ID: \cf$\highlight
                                      • API String ID: 1882759433-317655558
                                      • Opcode ID: b538e47dbdd2f21d1d35862342553898ae841e88eb0ce02e9e4031ae1907e439
                                      • Instruction ID: 646033c08ab977f8334d8707aba58487ed29c22dca0b38616b4addad9744dbbf
                                      • Opcode Fuzzy Hash: b538e47dbdd2f21d1d35862342553898ae841e88eb0ce02e9e4031ae1907e439
                                      • Instruction Fuzzy Hash: 9EF14CB5D00219EFDB04DFA4DD89AEEBBB8FF88700F10816AE905AB251D7706945CF94
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00407985, Relevance: 73.8, APIs: 41, Strings: 1, Instructions: 281COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaStrCmp.MSVBVM60(styles,00000000), ref: 0045529A
                                      • __vbaStrCat.MSVBVM60(00410724), ref: 004552B5
                                      • __vbaStrMove.MSVBVM60 ref: 004552C2
                                      • __vbaStrCat.MSVBVM60(00410724,00000000), ref: 004552CA
                                      • __vbaStrMove.MSVBVM60 ref: 004552D1
                                      • __vbaFreeStr.MSVBVM60 ref: 004552D6
                                      • __vbaStrCat.MSVBVM60(00410724,00000000), ref: 004552EC
                                      • __vbaStrMove.MSVBVM60 ref: 004552F9
                                      • __vbaStrCat.MSVBVM60(?,00000000), ref: 00455302
                                      • __vbaStrMove.MSVBVM60(?,00000000), ref: 00455309
                                      • __vbaStrCat.MSVBVM60(00410724,00000000,?,00000000), ref: 00455311
                                      • __vbaStrMove.MSVBVM60(?,00000000), ref: 00455318
                                      • __vbaFreeStrList.MSVBVM60(00000002,?,?,?,00000000), ref: 00455324
                                      • __vbaStrI2.MSVBVM60(?,?), ref: 00455338
                                      • __vbaStrMove.MSVBVM60(?,?), ref: 00455343
                                      • __vbaStrCat.MSVBVM60(00000000,?,?), ref: 00455346
                                      • __vbaStrMove.MSVBVM60(?,?), ref: 0045534D
                                      • __vbaStrCat.MSVBVM60(00410724,00000000,?,?), ref: 00455355
                                      • __vbaStrMove.MSVBVM60(?,?), ref: 0045535C
                                      • __vbaStrI2.MSVBVM60(00000000,00000000,?,?), ref: 00455366
                                      • __vbaStrMove.MSVBVM60(?,?), ref: 00455371
                                      • __vbaStrCat.MSVBVM60(00000000,?,?), ref: 00455374
                                      • __vbaStrMove.MSVBVM60(?,?), ref: 0045537B
                                      • __vbaStrCat.MSVBVM60(00410724,00000000,?,?), ref: 00455383
                                      • __vbaStrMove.MSVBVM60(?,?), ref: 0045538A
                                      • __vbaStrI4.MSVBVM60(?,00000000,?,?), ref: 00455393
                                      • __vbaStrMove.MSVBVM60(?,00000000,?,?), ref: 0045539E
                                      • __vbaStrCat.MSVBVM60(00000000,?,00000000,?,?), ref: 004553A1
                                      • __vbaStrMove.MSVBVM60(?,00000000,?,?), ref: 004553A8
                                      • __vbaStrCat.MSVBVM60(00410724,00000000,?,00000000,?,?), ref: 004553B0
                                      • __vbaStrMove.MSVBVM60(?,00000000,?,?), ref: 004553B7
                                      • __vbaStrI4.MSVBVM60(?,00000000,?,00000000,?,?), ref: 004553C0
                                      • __vbaStrMove.MSVBVM60(?,00000000,?,00000000,?,?), ref: 004553CB
                                      • __vbaStrCat.MSVBVM60(00000000,?,00000000,?,00000000,?,?), ref: 004553CE
                                      • __vbaStrMove.MSVBVM60(?,00000000,?,00000000,?,?), ref: 004553D5
                                      • __vbaStrCat.MSVBVM60(00410724,00000000,?,00000000,?,00000000,?,?), ref: 004553DD
                                      • __vbaVarCat.MSVBVM60(?,?,?,?,00000000,?,00000000,?,?), ref: 0045545A
                                      • __vbaVarCat.MSVBVM60(?,?,00000000,?,00000000,?,00000000,?,?), ref: 00455468
                                      • __vbaVarCat.MSVBVM60(?,?,00000000,?,00000000,?,00000000,?,?), ref: 00455479
                                      • __vbaVarCat.MSVBVM60(?,?,00000000,?,00000000,?,00000000,?,?), ref: 0045548A
                                      • __vbaVarCat.MSVBVM60(?,?,00000000,?,00000000,?,00000000,?,?), ref: 0045549B
                                      • __vbaStrVarVal.MSVBVM60(?,00000000,?,00000000,?,00000000,?,?), ref: 004554A2
                                      • #517.MSVBVM60(00000000,?,00000000,?,00000000,?,?), ref: 004554A9
                                      • __vbaStrMove.MSVBVM60(?,00000000,?,00000000,?,?), ref: 004554B4
                                      • __vbaFreeStrList.MSVBVM60(0000000C,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004554E8
                                      • __vbaFreeVarList.MSVBVM60(00000009,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,?), ref: 00455526
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00401D38,00411700,00000084), ref: 0045555B
                                      • __vbaStrMove.MSVBVM60 ref: 0045556A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Move$Free$List$#517CheckHresult
                                      • String ID: styles
                                      • API String ID: 2659105997-3059415797
                                      • Opcode ID: 5f40d43d1602919f0929643fdd5a00ab97b3ceed5eaffc54f7a524de8022c3bb
                                      • Instruction ID: c1e49fabbd62727712108e7c90d4ec58cdba5946663b95329979b6cb058070d4
                                      • Opcode Fuzzy Hash: 5f40d43d1602919f0929643fdd5a00ab97b3ceed5eaffc54f7a524de8022c3bb
                                      • Instruction Fuzzy Hash: 60B1DFB1D00219AFCB14DF95CC84EEEBBB9FF48700F10816AE519A3254EB745A89CF64
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00407A7C, Relevance: 68.5, APIs: 38, Strings: 1, Instructions: 256COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaVarVargNofree.MSVBVM60(660DC417,660DC43B,00401E88), ref: 004580C8
                                      • __vbaStrErrVarCopy.MSVBVM60(00000000), ref: 004580CF
                                      • __vbaStrMove.MSVBVM60 ref: 004580E0
                                      • __vbaFreeStr.MSVBVM60 ref: 00458102
                                      • __vbaVarIndexLoad.MSVBVM60(?,?,00000001), ref: 00458146
                                      • __vbaStrVarVal.MSVBVM60(?,?,***,0041071C,00000001,000000FF,00000000), ref: 00458166
                                      • #712.MSVBVM60(00000000), ref: 0045816D
                                      • __vbaStrMove.MSVBVM60 ref: 00458178
                                      • __vbaFreeStr.MSVBVM60 ref: 0045817D
                                      • __vbaFreeVar.MSVBVM60 ref: 00458186
                                      • __vbaVarVargNofree.MSVBVM60 ref: 004581A4
                                      • __vbaStrVarCopy.MSVBVM60(00000000), ref: 004581AB
                                      • __vbaStrMove.MSVBVM60 ref: 004581B6
                                      • __vbaVarVargNofree.MSVBVM60 ref: 004581C3
                                      • __vbaLenVar.MSVBVM60(?,00000000), ref: 004581CE
                                      • __vbaI4Var.MSVBVM60(00000000), ref: 004581D5
                                      • __vbaVarVargNofree.MSVBVM60(?,?,0041376C,00000001), ref: 00458212
                                      • __vbaStrVarVal.MSVBVM60(?,00000000), ref: 0045821D
                                      • #631.MSVBVM60(00000000), ref: 00458224
                                      • __vbaStrMove.MSVBVM60 ref: 0045822F
                                      • __vbaInStr.MSVBVM60(00000000,00000000), ref: 00458233
                                      • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 0045824C
                                      • __vbaFreeVar.MSVBVM60 ref: 00458258
                                      • __vbaVarIndexLoad.MSVBVM60(?,?,00000001), ref: 00458297
                                      • __vbaVarVargNofree.MSVBVM60(?,00000002), ref: 004582B9
                                      • __vbaStrVarVal.MSVBVM60(?,00000000), ref: 004582C4
                                      • #631.MSVBVM60(00000000), ref: 004582CB
                                      • __vbaStrMove.MSVBVM60 ref: 004582D6
                                      • __vbaStrMove.MSVBVM60(00000001,000000FF,00000000,?), ref: 004582EF
                                      • __vbaStrVarVal.MSVBVM60(?,?,***,00000000), ref: 004582FF
                                      • #712.MSVBVM60(00000000), ref: 00458306
                                      • __vbaStrMove.MSVBVM60 ref: 00458311
                                      • __vbaStrCat.MSVBVM60(00000000), ref: 00458314
                                      • __vbaStrMove.MSVBVM60 ref: 0045831F
                                      • __vbaFreeStrList.MSVBVM60(00000005,?,?,?,?,00000000), ref: 00458337
                                      • __vbaFreeVarList.MSVBVM60(00000002,00000002,?), ref: 00458347
                                      • __vbaVarVargNofree.MSVBVM60(?,00000002,?), ref: 00458390
                                      • __vbaStrVarVal.MSVBVM60(?,00000000), ref: 0045839B
                                      • #631.MSVBVM60(00000000), ref: 004583A2
                                      • __vbaStrMove.MSVBVM60 ref: 004583AD
                                      • __vbaStrCat.MSVBVM60(00000000), ref: 004583B0
                                      • __vbaStrMove.MSVBVM60 ref: 004583BB
                                      • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 004583C7
                                      • __vbaFreeVar.MSVBVM60 ref: 004583D3
                                      • __vbaVargVarCopy.MSVBVM60 ref: 004583EC
                                      • __vbaFreeStr.MSVBVM60(00458433), ref: 0045842C
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$FreeMove$Varg$Nofree$List$#631Copy$#712IndexLoad
                                      • String ID: ***
                                      • API String ID: 3985968543-2118852570
                                      • Opcode ID: 61dde99ebaa1c5111c30e1f917ed55c601f6ff77665f034712c07a05b1a39881
                                      • Instruction ID: 45940c16626e3a8bb78291e5fc59f8c88585b6854381750f543f8d0cff67966e
                                      • Opcode Fuzzy Hash: 61dde99ebaa1c5111c30e1f917ed55c601f6ff77665f034712c07a05b1a39881
                                      • Instruction Fuzzy Hash: 99A10CB5D00219DFDB04DF94DD88AEEBBB9FF48301F10812AE906B72A4DB745949CB64
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00465960, Relevance: 66.8, APIs: 36, Strings: 2, Instructions: 299COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaObjSetAddref.MSVBVM60(?,0008000E), ref: 004659AA
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,00000005,00000000), ref: 004659C1
                                      • __vbaI4Var.MSVBVM60(00000000), ref: 004659C7
                                      • __vbaFreeVar.MSVBVM60 ref: 004659DF
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,0000000B,00000000), ref: 00465A01
                                      • __vbaStrVarMove.MSVBVM60(00000000), ref: 00465A07
                                      • __vbaStrMove.MSVBVM60 ref: 00465A12
                                      • __vbaFreeVar.MSVBVM60 ref: 00465A1B
                                      • __vbaObjSetAddref.MSVBVM60(?,00000000), ref: 00465A26
                                      • __vbaInStr.MSVBVM60(00000000,\fs,?,00000001), ref: 00465A3E
                                      • #631.MSVBVM60(?,-00000004,?), ref: 00465A78
                                      • #561.MSVBVM60(?), ref: 00465A8C
                                      • __vbaFreeVarList.MSVBVM60(00000002,00000002,00000008), ref: 00465A9E
                                      • __vbaInStr.MSVBVM60(00000000,0041071C,?,00000000), ref: 00465AB8
                                      • __vbaInStr.MSVBVM60(00000000,\fs,?,-00000001), ref: 00465AD8
                                      • __vbaFreeObj.MSVBVM60(00465B2F), ref: 00465B28
                                      • __vbaErrorOverflow.MSVBVM60(?), ref: 00465B4C
                                      • __vbaObjSetAddref.MSVBVM60(6600A296,?,00000000,00000000,6600A296), ref: 00465BA2
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,00000005,00000000), ref: 00465BB9
                                      • __vbaI4Var.MSVBVM60(00000000), ref: 00465BBF
                                      • __vbaFreeVar.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,Function_00002FE6), ref: 00465BD8
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,0000000B,00000000), ref: 00465BEB
                                      • __vbaStrVarMove.MSVBVM60(00000000), ref: 00465BF1
                                      • __vbaStrMove.MSVBVM60 ref: 00465BFC
                                      • __vbaStrCmp.MSVBVM60(?,00000000), ref: 00465C09
                                      • __vbaFreeStr.MSVBVM60(?,00000000), ref: 00465C1C
                                      • __vbaFreeVar.MSVBVM60(?,00000000), ref: 00465C25
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$CallLateMove$Addref$#561#631ErrorListOverflow
                                      • String ID: \fs$/@
                                      • API String ID: 1687202984-1669699610
                                      • Opcode ID: f952b272304b1988492737e71e268f3caf681d176f56f263ca1b7f8992de280a
                                      • Instruction ID: a362ec8af5bd2c844dfe6c75fab09f2788b4b27821177c570c16ee637fb710a4
                                      • Opcode Fuzzy Hash: f952b272304b1988492737e71e268f3caf681d176f56f263ca1b7f8992de280a
                                      • Instruction Fuzzy Hash: D8A17271900219AFDB14DFA4DD85EEEBBB8FF48B00F108219F906B7290E7746945CB99
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00451DD0, Relevance: 66.8, APIs: 36, Strings: 2, Instructions: 286COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaObjSetAddref.MSVBVM60(?,00000000), ref: 00451E1A
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,00000005,00000000), ref: 00451E31
                                      • __vbaI4Var.MSVBVM60(00000000), ref: 00451E37
                                      • __vbaFreeVar.MSVBVM60 ref: 00451E4F
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,0000000B,00000000), ref: 00451E71
                                      • __vbaStrVarMove.MSVBVM60(00000000), ref: 00451E77
                                      • __vbaStrMove.MSVBVM60 ref: 00451E82
                                      • __vbaFreeVar.MSVBVM60 ref: 00451E8B
                                      • __vbaObjSetAddref.MSVBVM60(?,00000000), ref: 00451E96
                                      • __vbaInStr.MSVBVM60(00000000,\fs,?,00000001), ref: 00451EAE
                                      • #631.MSVBVM60(?,-00000004,?), ref: 00451EEB
                                      • #561.MSVBVM60(?), ref: 00451EFF
                                      • __vbaFreeVarList.MSVBVM60(00000002,00000002,00000008), ref: 00451F11
                                      • __vbaInStr.MSVBVM60(00000000,0041071C,?,00000000), ref: 00451F2B
                                      • __vbaInStr.MSVBVM60(00000000,\fs,?,-00000001), ref: 00451F52
                                      • __vbaFreeObj.MSVBVM60(00451FAC), ref: 00451FA5
                                      • __vbaErrorOverflow.MSVBVM60(?), ref: 00451FC9
                                      • __vbaObjSetAddref.MSVBVM60(6600A296,?,00000000,00000000,6600A296), ref: 00452012
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,00000005,00000000), ref: 00452029
                                      • __vbaI4Var.MSVBVM60(00000000), ref: 0045202F
                                      • __vbaFreeVar.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,Function_00002FE6), ref: 00452048
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,0000000B,00000000), ref: 0045205B
                                      • __vbaStrVarMove.MSVBVM60(00000000), ref: 00452061
                                      • __vbaStrMove.MSVBVM60 ref: 0045206C
                                      • __vbaStrCmp.MSVBVM60(?,00000000), ref: 00452079
                                      • __vbaFreeStr.MSVBVM60(?,00000000), ref: 0045208C
                                      • __vbaFreeVar.MSVBVM60(?,00000000), ref: 00452095
                                      • __vbaLateIdSt.MSVBVM60(?,0000000A), ref: 0045212F
                                      • __vbaObjSetAddref.MSVBVM60(?,00000000,?,00000000), ref: 0045213B
                                      • __vbaFreeObj.MSVBVM60(00452165,?,00000000), ref: 0045215E
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$Late$AddrefCallMove$#561#631ErrorListOverflow
                                      • String ID: \fs$/@
                                      • API String ID: 109921347-1669699610
                                      • Opcode ID: da785fe6abe1faf05327a33578c137e4efe70673f89840dc4df4067c3ec32d21
                                      • Instruction ID: 199bda61dd87a1dcf5deccc48a4da307cd13c41d2a3b491bc46704a528b25189
                                      • Opcode Fuzzy Hash: da785fe6abe1faf05327a33578c137e4efe70673f89840dc4df4067c3ec32d21
                                      • Instruction Fuzzy Hash: CDA19175900218AFDB04DFA4DD85EEEBBB8FF48B01F10811AF905B72A1DB746945CB94
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00465280, Relevance: 66.8, APIs: 25, Strings: 13, Instructions: 274COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaInStr.MSVBVM60(00000000,00414940,?,00000001,?,?,?,?,?,?,?,?,?,00402FE6), ref: 004652CE
                                      • __vbaStrCopy.MSVBVM60(?,00000001,?,?,?,?,?,?,?,?,?,00402FE6), ref: 004652E1
                                      • __vbaStrCmp.MSVBVM60(blender **,?,?,00000001,?,?,?,?,?,?,?,?,?,00402FE6), ref: 004652F6
                                      • __vbaStrCmp.MSVBVM60(blenderauto *,?,?,00000001,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00465309
                                      • __vbaStrCmp.MSVBVM60(dither2 *,?,?,00000001,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0046531C
                                      • __vbaStrCmp.MSVBVM60(dither *,?,?,00000001,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0046532F
                                      • __vbaStrCmp.MSVBVM60(fuzzy *,?,?,00000001,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00465342
                                      • __vbaStrCmp.MSVBVM60(fuzzyhard,?,?,00000001,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00465355
                                      • __vbaStrCmp.MSVBVM60(fuzzyuser,?,?,00000001,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00465368
                                      • __vbaStrCmp.MSVBVM60(highlightuser *,?,?,00000001,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0046537B
                                      • __vbaStrCmp.MSVBVM60(highlightuserauto *,?,?,00000001,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0046538A
                                      • __vbaStrCmp.MSVBVM60(highlightuseruser **,?,?,00000001,?,?,?,?,?,?,?,?,?,00402FE6), ref: 004653BE
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,`'@,00411700,0000009C,?,00000001,?,?,?,?,?,?,?,?,?,00402FE6), ref: 004653E7
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,`'@,00411700,000000A0,?,00000001,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00465412
                                      • __vbaStrCmp.MSVBVM60(text colour *,?,?,00000001,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0046542E
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,`'@,00411700,000000A4,?,00000001,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00465455
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,`'@,00411700,00000098,?,00000001,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00465480
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,`'@,00411700,00000098,?,00000001,?,?,?,?,?,?,?,?,?,00402FE6), ref: 004654AB
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,`'@,00411700,00000094,?,00000001,?,?,?,?,?,?,?,?,?,00402FE6), ref: 004654DB
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,`'@,00411700,00000094,?,00000001,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00465506
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,`'@,00411700,0000008C,?,00000001,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00465533
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,`'@,00411700,00000090,?,00000001,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0046555E
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,`'@,00411700,00000084,?,00000001,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0046558D
                                      • __vbaStrMove.MSVBVM60(?,00000001,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0046559B
                                      • __vbaFreeStr.MSVBVM60(004655BC,?,00000001,?,?,?,?,?,?,?,?,?,00402FE6), ref: 004655B5
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$CheckHresult$CopyFreeMove
                                      • String ID: `'@$blender **$blenderauto *$dither *$dither2 *$fuzzy *$fuzzyhard$fuzzyuser$highlightuser *$highlightuserauto *$highlightuseruser **$text colour *$/@
                                      • API String ID: 963183408-3382483001
                                      • Opcode ID: b21d8c7c73871d878104e9554ce1c62509e27c76814475663ecb594e6c2f1456
                                      • Instruction ID: ab05b807db06256e60457c4c33c4efa3e43991e86807f219970ea0679af803cd
                                      • Opcode Fuzzy Hash: b21d8c7c73871d878104e9554ce1c62509e27c76814475663ecb594e6c2f1456
                                      • Instruction Fuzzy Hash: 7FA184B4A00606AFDB10DFA0CD88EAFB7B9AF45744F20446AF905E7254D778AC41CB79
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0046A890, Relevance: 65.1, APIs: 36, Strings: 1, Instructions: 387COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaVarDup.MSVBVM60 ref: 0046A981
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 0046A992
                                      • #711.MSVBVM60(?,/@,?,000000FF,00000000), ref: 0046A9AA
                                      • __vbaVarMove.MSVBVM60 ref: 0046A9B6
                                      • __vbaFreeVar.MSVBVM60 ref: 0046A9BF
                                      • __vbaVarIndexLoad.MSVBVM60(?,?,00000001), ref: 0046AA02
                                      • __vbaVarIndexLoad.MSVBVM60(?,?,00000001), ref: 0046AA34
                                      • __vbaVarIndexLoad.MSVBVM60(?,?,00000001), ref: 0046AA63
                                      • __vbaVarIndexLoad.MSVBVM60(?,?,00000001), ref: 0046AA95
                                      • __vbaVarIndexLoad.MSVBVM60(?,?,00000001), ref: 0046AACA
                                      • __vbaVarIndexLoad.MSVBVM60(?,?,00000001), ref: 0046AAFF
                                      • __vbaVarIndexLoad.MSVBVM60(?,?,00000001), ref: 0046AB34
                                      • __vbaVarIndexLoad.MSVBVM60(?,?,00000001), ref: 0046AB69
                                      • __vbaVarIndexLoad.MSVBVM60(?,?,00000001), ref: 0046AB9E
                                      • __vbaNew2.MSVBVM60(00407470,?), ref: 0046ABB3
                                      • __vbaVarCmpEq.MSVBVM60(?,?,?), ref: 0046ABEA
                                      • __vbaBoolVar.MSVBVM60(00000000), ref: 0046ABF1
                                      • __vbaVarCmpEq.MSVBVM60(?,?,?), ref: 0046AC26
                                      • __vbaBoolVar.MSVBVM60(00000000), ref: 0046AC2D
                                      • __vbaVarCmpEq.MSVBVM60(?,?,?), ref: 0046AC62
                                      • __vbaBoolVar.MSVBVM60(00000000), ref: 0046AC69
                                      • __vbaI4ErrVar.MSVBVM60(?), ref: 0046AC7C
                                      • __vbaI4ErrVar.MSVBVM60(?), ref: 0046AC8F
                                      • __vbaI2ErrVar.MSVBVM60(?), ref: 0046AC9F
                                      • __vbaI2ErrVar.MSVBVM60(?), ref: 0046ACAF
                                      • __vbaStrErrVarCopy.MSVBVM60(?), ref: 0046ACBF
                                      • __vbaStrMove.MSVBVM60 ref: 0046ACCA
                                      • __vbaStrErrVarCopy.MSVBVM60(?), ref: 0046ACD4
                                      • __vbaStrMove.MSVBVM60 ref: 0046ACDF
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00411700,00000050), ref: 0046AD3E
                                      • __vbaNew2.MSVBVM60(00407470,?), ref: 0046AD4E
                                      • __vbaStrMove.MSVBVM60 ref: 0046AD5F
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00411700,000001EC), ref: 0046AD8B
                                      • __vbaFreeStrList.MSVBVM60(00000003,?,?,?), ref: 0046AD9F
                                      • __vbaFreeVarList.MSVBVM60(00000009,?,?,?,?,?,?,?,?,?), ref: 0046ADDA
                                      • __vbaFreeVar.MSVBVM60(0046AE67), ref: 0046AE60
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$IndexLoad$FreeMove$Bool$CheckCopyHresultListNew2$#711BoundsErrorGenerate
                                      • String ID: /@
                                      • API String ID: 1831448953-2163338593
                                      • Opcode ID: c527b3a3c5aa5c2d32be60cd3277ed9c86df2430fb08a0ed10eea0ac98bca5b2
                                      • Instruction ID: 1c7479cff42c6c3ca1a9a011cafddc8e6d6f7674fdf8b72b4eb1eda27b8dd000
                                      • Opcode Fuzzy Hash: c527b3a3c5aa5c2d32be60cd3277ed9c86df2430fb08a0ed10eea0ac98bca5b2
                                      • Instruction Fuzzy Hash: F302E9B1D002199FDB15CF54CD84ADEFBB9FF98300F1086AAE509AB251EB746A84CF54
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00478C70, Relevance: 65.1, APIs: 31, Strings: 6, Instructions: 362COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaVarVargNofree.MSVBVM60 ref: 00478D07
                                      • __vbaVarCopy.MSVBVM60 ref: 00478D18
                                      • __vbaVarVargNofree.MSVBVM60 ref: 00478D20
                                      • __vbaVarCopy.MSVBVM60 ref: 00478D2B
                                      • __vbaStrCopy.MSVBVM60 ref: 00478D45
                                      • __vbaCastObj.MSVBVM60(?,004121D4), ref: 00478D56
                                      • __vbaObjSet.MSVBVM60(?,00000000,?,004121D4), ref: 00478D61
                                      • __vbaObjSetAddref.MSVBVM60(00402DDC,00000000,?,004121D4), ref: 00478D6C
                                      • __vbaFreeObj.MSVBVM60(?,004121D4), ref: 00478D75
                                      • __vbaObjSetAddref.MSVBVM60(?,004798A2,?,004121D4), ref: 00478D86
                                      • __vbaLateMemCallLd.MSVBVM60(?,?,Buttons,00000001), ref: 00478E26
                                      • __vbaVarLateMemSt.MSVBVM60(00000000), ref: 00478E2C
                                      • __vbaFreeVarList.MSVBVM60(00000002,?,?), ref: 00478E3C
                                      • __vbaStrCmp.MSVBVM60(WindowsXP Themes,?), ref: 00478F94
                                      • __vbaFreeStr.MSVBVM60 ref: 00478FAA
                                      • __vbaStrCmp.MSVBVM60(WindowsXP Themes,?), ref: 00478FE3
                                      • __vbaFreeStr.MSVBVM60 ref: 00478FF9
                                      • __vbaVarVargNofree.MSVBVM60 ref: 0047901C
                                      • __vbaLateMemCallLd.MSVBVM60(?,?,Buttons,00000001), ref: 00479070
                                      • __vbaVarLateMemSt.MSVBVM60(00000000), ref: 00479076
                                      • __vbaFreeVar.MSVBVM60 ref: 0047907F
                                      • __vbaLateMemSt.MSVBVM60(?,Enabled), ref: 004790C4
                                      • __vbaFreeVar.MSVBVM60 ref: 004790CD
                                      • __vbaObjSetAddref.MSVBVM60(?,00000000), ref: 004790DC
                                      • __vbaFreeObj.MSVBVM60(0047912E), ref: 00479127
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$Late$AddrefCopyNofreeVarg$Call$CastList
                                      • String ID: Buttons$Caption$Enabled$Image$WindowsXP Themes$/@
                                      • API String ID: 1251268557-538781272
                                      • Opcode ID: 07a220568edcae583f6148d981a95f3d1bdf1ae44d09b47e3740020da6fcb92b
                                      • Instruction ID: 4de72caa80222614bfa2add0ca832306a8733e3205dbe2f406b0e8933e5ae5fe
                                      • Opcode Fuzzy Hash: 07a220568edcae583f6148d981a95f3d1bdf1ae44d09b47e3740020da6fcb92b
                                      • Instruction Fuzzy Hash: 9EF11770D00209DFDB14DFA8C985AAEBBB4FF48304F10C16EE519A7260DB75A986CF94
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0044F900, Relevance: 65.1, APIs: 32, Strings: 5, Instructions: 339COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaI2I4.MSVBVM60 ref: 0044F94B
                                      • __vbaStrCopy.MSVBVM60 ref: 0044F97F
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00410EB8,000000C4), ref: 0044F9A6
                                      • __vbaFreeStr.MSVBVM60 ref: 0044F9AF
                                      • __vbaI2I4.MSVBVM60 ref: 0044F9C4
                                      • __vbaStrCopy.MSVBVM60 ref: 0044F9F8
                                      • __vbaI2I4.MSVBVM60 ref: 0044FA1A
                                      • __vbaObjSetAddref.MSVBVM60(?,?), ref: 0044FA5B
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,00000005,00000000), ref: 0044FA78
                                      • __vbaI4Var.MSVBVM60(00000000), ref: 0044FA7E
                                      • __vbaFreeVar.MSVBVM60 ref: 0044FA90
                                      • __vbaStrCmp.MSVBVM60(?,0041362C), ref: 0044FAC9
                                      • __vbaFreeStr.MSVBVM60 ref: 0044FADB
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,00000008,00000000), ref: 0044FB14
                                      • __vbaI4Var.MSVBVM60(00000000), ref: 0044FB1A
                                      • __vbaLateIdSt.MSVBVM60(?,00000008), ref: 0044FB4A
                                      • __vbaFreeVar.MSVBVM60 ref: 0044FB53
                                      • __vbaObjSetAddref.MSVBVM60(?,00000000), ref: 0044FB5F
                                      • __vbaFreeObjList.MSVBVM60(00000002,?,?,0044FC19), ref: 0044FC0F
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$Late$AddrefCallCopy$CheckHresultList
                                      • String ID: LINENUMBERS$This doesn't work properly so it is blocked by this message untill I get it right.$\sub$\super$/@
                                      • API String ID: 1262815310-748389631
                                      • Opcode ID: ee782381aa7fbbb1ce32e370f9af90cd8e6dda616d68306aa85212c063e07af1
                                      • Instruction ID: b6704f3e3869e361c1ea9d8039ab405188ebc6c76fb80adf3d79f128c1bd8f6b
                                      • Opcode Fuzzy Hash: ee782381aa7fbbb1ce32e370f9af90cd8e6dda616d68306aa85212c063e07af1
                                      • Instruction Fuzzy Hash: 7DD15E71D00209AFDB14DF94C988EEEBBB8FF48700F10816AE516BB254D7746949CFA9
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00456110, Relevance: 65.1, APIs: 36, Strings: 1, Instructions: 334COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaObjSetAddref.MSVBVM60(?,0045659C), ref: 00456182
                                      • __vbaRefVarAry.MSVBVM60(?), ref: 004561BD
                                      • __vbaUbound.MSVBVM60(00000001,?), ref: 004561C4
                                      • __vbaI2I4.MSVBVM60 ref: 004561D2
                                      • __vbaRefVarAry.MSVBVM60(?), ref: 004561DE
                                      • __vbaLbound.MSVBVM60(00000001), ref: 004561E5
                                      • __vbaI2I4.MSVBVM60 ref: 004561F6
                                      • __vbaVarIndexLoad.MSVBVM60(?,?,00000001), ref: 00456241
                                      • __vbaVarTstEq.MSVBVM60(00008008,00000000), ref: 0045624F
                                      • __vbaFreeVar.MSVBVM60 ref: 0045625E
                                      • __vbaVarIndexLoad.MSVBVM60(?,?,00000001), ref: 004562A6
                                      • __vbaStrErrVarCopy.MSVBVM60(00000000), ref: 004562B0
                                      • __vbaStrMove.MSVBVM60 ref: 004562BB
                                      • __vbaFreeStr.MSVBVM60 ref: 004562EE
                                      • __vbaFreeVar.MSVBVM60 ref: 004562F7
                                      • __vbaVarIndexStore.MSVBVM60(?,00000001), ref: 0045634F
                                      • __vbaStrCopy.MSVBVM60 ref: 00456377
                                      • __vbaStrCat.MSVBVM60(?,?), ref: 0045639A
                                      • __vbaStrMove.MSVBVM60 ref: 004563A5
                                      • __vbaFreeStrList.MSVBVM60(00000003,?,?,?), ref: 004563C6
                                      • __vbaObjSetAddref.MSVBVM60(?,00000000), ref: 004563F2
                                      • __vbaFreeObj.MSVBVM60(00456446), ref: 0045642D
                                      • __vbaFreeVar.MSVBVM60 ref: 00456436
                                      • __vbaFreeStr.MSVBVM60 ref: 0045643F
                                      • __vbaErrorOverflow.MSVBVM60 ref: 0045646F
                                      • __vbaChkstk.MSVBVM60(00000000,00402FE6), ref: 0045649E
                                      • __vbaOnError.MSVBVM60(000000FF,660DC417,00401D90,660E1A08,00000000,00402FE6), ref: 004564CE
                                      • #645.MSVBVM60(00004008,00000000), ref: 004564EE
                                      • __vbaStrMove.MSVBVM60 ref: 004564F9
                                      • #685.MSVBVM60 ref: 00456506
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 00456511
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00413E68,0000001C), ref: 00456544
                                      • __vbaStrCmp.MSVBVM60(00412C18,?), ref: 0045655F
                                      • __vbaFreeObj.MSVBVM60 ref: 00456581
                                      • __vbaOnError.MSVBVM60(00000000), ref: 004565B4
                                      • __vbaFreeStr.MSVBVM60(004565D5), ref: 004565CE
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$ErrorIndexMove$AddrefCopyLoad$#645#685CheckChkstkHresultLboundListOverflowStoreUbound
                                      • String ID: ~!~!~!*~!
                                      • API String ID: 3562798206-225444385
                                      • Opcode ID: 10953e44e586e48a3f4eb56e0c8359f2ea158ed37087ab918abdf348d940ccea
                                      • Instruction ID: da698c38380ffe5660c13b4033d3796472bba5f7dc2cabec3e98e0349649e4b0
                                      • Opcode Fuzzy Hash: 10953e44e586e48a3f4eb56e0c8359f2ea158ed37087ab918abdf348d940ccea
                                      • Instruction Fuzzy Hash: EEE129B0D00209EFDB14DFA4D989AEDFBB8FF48301F10816AE916A72A1D7745A85CF54
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0045A8D0, Relevance: 63.3, APIs: 35, Strings: 1, Instructions: 349COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaStrCmp.MSVBVM60(00412C18), ref: 0045A99F
                                      • __vbaVarDup.MSVBVM60 ref: 0045AA1B
                                      • __vbaStrVarVal.MSVBVM60(?,?,?,000000FF,00000000), ref: 0045AA36
                                      • #711.MSVBVM60(?,00000000), ref: 0045AA3D
                                      • __vbaVarMove.MSVBVM60 ref: 0045AA49
                                      • __vbaFreeStr.MSVBVM60 ref: 0045AA52
                                      • __vbaFreeVarList.MSVBVM60(00000002,?,?), ref: 0045AA62
                                      • __vbaVarIndexLoad.MSVBVM60(?,?,00000001,00000002), ref: 0045AAA8
                                      • __vbaStrVarVal.MSVBVM60(?,00000000), ref: 0045AAB2
                                      • #581.MSVBVM60(00000000), ref: 0045AAB5
                                      • __vbaVarIndexLoad.MSVBVM60(?,?,00000001), ref: 0045AAEE
                                      • __vbaStrVarVal.MSVBVM60(?,00000000), ref: 0045AAF8
                                      • #581.MSVBVM60(00000000), ref: 0045AAFB
                                      • __vbaVarIndexLoad.MSVBVM60(?,?,00000001), ref: 0045AB37
                                      • __vbaStrVarVal.MSVBVM60(?,00000000), ref: 0045AB41
                                      • #581.MSVBVM60(00000000), ref: 0045AB44
                                      • __vbaVarIndexLoad.MSVBVM60(?,?,00000001), ref: 0045AB83
                                      • __vbaStrVarVal.MSVBVM60(?,00000000), ref: 0045AB8D
                                      • #581.MSVBVM60(00000000), ref: 0045AB90
                                      • __vbaVarIndexLoad.MSVBVM60(?,?,00000001), ref: 0045ABCF
                                      • __vbaStrVarVal.MSVBVM60(?,00000000), ref: 0045ABD9
                                      • #581.MSVBVM60(00000000), ref: 0045ABDC
                                      • __vbaVarIndexLoad.MSVBVM60(?,?,00000001), ref: 0045AC1B
                                      • __vbaStrVarVal.MSVBVM60(?,00000000), ref: 0045AC25
                                      • #581.MSVBVM60(00000000), ref: 0045AC28
                                      • __vbaFpCDblR8.MSVBVM60 ref: 0045AC3A
                                      • __vbaFpI2.MSVBVM60 ref: 0045AC52
                                      • __vbaFpI2.MSVBVM60 ref: 0045AC60
                                      • __vbaFpI2.MSVBVM60 ref: 0045AC6E
                                      • __vbaFpI2.MSVBVM60 ref: 0045AC7C
                                      • __vbaFpI2.MSVBVM60 ref: 0045AC8A
                                      • __vbaFreeStrList.MSVBVM60(00000006,?,?,?,?,?,?), ref: 0045ACE3
                                      • __vbaFreeVarList.MSVBVM60(00000006,?,?,?,?,?,?), ref: 0045AD0C
                                      • __vbaAryDestruct.MSVBVM60(00000000,?,0045ADC0), ref: 0045ADB0
                                      • __vbaFreeVar.MSVBVM60 ref: 0045ADB9
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$#581IndexLoad$Free$List$#711DestructMove
                                      • String ID: /@
                                      • API String ID: 2442633209-2163338593
                                      • Opcode ID: f631d9b518a80427f669f506c52658e7fe03e261356f0fed143311ab42738254
                                      • Instruction ID: 25a1c0eefe9d1eba08f1fb501caadee926ebf3d5efd65d2e43f61bfd2e873064
                                      • Opcode Fuzzy Hash: f631d9b518a80427f669f506c52658e7fe03e261356f0fed143311ab42738254
                                      • Instruction Fuzzy Hash: 44E1E9B1D00229EFDB15DF94CD84AEEBBB9FF48700F00859AE519A7241DB745A85CFA0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00453070, Relevance: 61.7, APIs: 30, Strings: 5, Instructions: 407COMMON
                                      Download Yara Rule
                                      APIs
                                      • _adj_fdiv_m64.MSVBVM60(?,?), ref: 00453195
                                      • __vbaFpI4.MSVBVM60(?,?), ref: 004531A4
                                      • __vbaFpI4.MSVBVM60 ref: 004531F8
                                      • __vbaFreeVar.MSVBVM60 ref: 00453204
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 0045326B
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 0045327F
                                      • __vbaAryDestruct.MSVBVM60(00000000,?,004532F4), ref: 004532ED
                                      • __vbaErrorOverflow.MSVBVM60 ref: 00453318
                                      • __vbaNew2.MSVBVM60(00411FE4,00482EE8), ref: 00453384
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00411FD4,00000014), ref: 004533A9
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00412A60,00000050), ref: 004533CD
                                      • __vbaStrCat.MSVBVM60(00412B64,?), ref: 004533E5
                                      • __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,Function_00002FE6), ref: 004533EC
                                      • __vbaStrCat.MSVBVM60(Materials.dat,00000000), ref: 004533F8
                                      • __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,Function_00002FE6), ref: 004533FF
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,Function_00002FE6), ref: 00453409
                                      • __vbaFreeStrList.MSVBVM60(00000003,?,?,?), ref: 0045341D
                                      • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,Function_00002FE6), ref: 00453429
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$ErrorFree$BoundsCheckGenerateHresultMove$CopyDestructListNew2Overflow_adj_fdiv_m64
                                      • String ID: 7AE$Materials.dat$Styles.dat$gfff$/@
                                      • API String ID: 2831530305-866042742
                                      • Opcode ID: 65b7c602c4b0a9ef146efb51513fdd0dc44d00e15f8c1b7cc994da5c6efb09b5
                                      • Instruction ID: b34eee49ac6dde843ec94e9984910b8cb43e5b2f8e75bad191393968c1553a3e
                                      • Opcode Fuzzy Hash: 65b7c602c4b0a9ef146efb51513fdd0dc44d00e15f8c1b7cc994da5c6efb09b5
                                      • Instruction Fuzzy Hash: 73F15074D00209EFDB04CF95C988AEEBBB9FF48346F10816AE905B7291D7745A45CF68
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 004515E0, Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 306COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaObjSetAddref.MSVBVM60(?,00000000), ref: 00451661
                                      • #616.MSVBVM60(?,00000003), ref: 0045166F
                                      • __vbaStrMove.MSVBVM60(?,00000003), ref: 0045167A
                                      • __vbaStrCmp.MSVBVM60(\ul,00000000,?,00000003), ref: 00451686
                                      • __vbaFreeStr.MSVBVM60(?,00000003), ref: 00451698
                                      • __vbaStrCopy.MSVBVM60(?,00000003), ref: 004516AB
                                      • __vbaStrMove.MSVBVM60(?,00000003), ref: 004516EE
                                      • __vbaFreeStr.MSVBVM60(?,00000003), ref: 00451720
                                      • __vbaRefVarAry.MSVBVM60(?,?,00000003), ref: 00451741
                                      • __vbaUbound.MSVBVM60(00000001,?,?,00000003), ref: 00451748
                                      • __vbaI2I4.MSVBVM60(?,00000003), ref: 00451750
                                      • __vbaRefVarAry.MSVBVM60(?,?,00000003), ref: 00451760
                                      • __vbaLbound.MSVBVM60(00000001,?,?,00000003), ref: 00451767
                                      • __vbaI2I4.MSVBVM60(?,?,00000003), ref: 0045176F
                                      • __vbaVarIndexLoad.MSVBVM60(?,?,00000001), ref: 004517AD
                                      • __vbaStrVarMove.MSVBVM60(00000000), ref: 004517B7
                                      • __vbaStrMove.MSVBVM60 ref: 004517C2
                                      • __vbaFreeVar.MSVBVM60 ref: 004517CB
                                      • __vbaVarIndexLoadRefLock.MSVBVM60(?,?,?,00000001), ref: 0045180C
                                      • __vbaAryUnlock.MSVBVM60(?), ref: 00451839
                                      • __vbaVarIndexStore.MSVBVM60(?,00000001), ref: 0045187D
                                      • __vbaFreeVarList.MSVBVM60(00000002,?,?), ref: 0045188D
                                      • __vbaStrCopy.MSVBVM60(?,?,00000003), ref: 004518B7
                                      • __vbaStrCat.MSVBVM60(?,?,?,?,00000003), ref: 004518DA
                                      • __vbaStrMove.MSVBVM60(?,?,00000003), ref: 004518E5
                                      • __vbaFreeStrList.MSVBVM60(00000003,?,?,?,?,?,00000003), ref: 00451906
                                      • __vbaObjSetAddref.MSVBVM60(?,00000000), ref: 0045192D
                                      • __vbaFreeObj.MSVBVM60(00451992), ref: 00451972
                                      • __vbaFreeVar.MSVBVM60 ref: 0045197B
                                      • __vbaFreeStr.MSVBVM60 ref: 0045198A
                                      • __vbaFreeStr.MSVBVM60 ref: 0045198F
                                      • __vbaErrorOverflow.MSVBVM60 ref: 004519BB
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$Move$Index$AddrefCopyListLoad$#616ErrorLboundLockOverflowStoreUboundUnlock
                                      • String ID: \ul
                                      • API String ID: 310893657-2360061446
                                      • Opcode ID: b43a04f1cb5cad4deeb0d2f6bc124e86d83cddf58e922c66210e6e7b8d1de779
                                      • Instruction ID: 47dafd49b2bd29169af198db75b6453944776b5d6a746eaaef1d9aa09eeaf6d7
                                      • Opcode Fuzzy Hash: b43a04f1cb5cad4deeb0d2f6bc124e86d83cddf58e922c66210e6e7b8d1de779
                                      • Instruction Fuzzy Hash: 66C130B5900209DFDB14DF94C988AEEFBB9FF48300F14856EE909A7261DB706985CF54
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00478510, Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 304COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaCheckType.MSVBVM60(00000000,0041123C), ref: 00478567
                                      • __vbaLateMemSt.MSVBVM60(?,Caption), ref: 004785B0
                                      • __vbaFreeVar.MSVBVM60 ref: 004785B9
                                      • __vbaCheckType.MSVBVM60(?,00411E5C), ref: 004785CC
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$CheckType$FreeLate
                                      • String ID: Caption
                                      • API String ID: 4089294101-968978681
                                      • Opcode ID: 9eaa6d261cb637eb80a1cb4b02b6d9f1369fa4a5aa10a8538f87ebcd5a4a54da
                                      • Instruction ID: d7acd539f83621b387757c165e22257719fd36a87517490ee371ef945e91b9cb
                                      • Opcode Fuzzy Hash: 9eaa6d261cb637eb80a1cb4b02b6d9f1369fa4a5aa10a8538f87ebcd5a4a54da
                                      • Instruction Fuzzy Hash: E9B1407554060AAFDB10DFA0CD88EFBB7B8FF48744B10841EF646A7650DB74A942CB68
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0044A730, Relevance: 58.0, APIs: 32, Strings: 1, Instructions: 223COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaStrCopy.MSVBVM60 ref: 0044A76A
                                      • __vbaObjSetAddref.MSVBVM60(?,?), ref: 0044A77B
                                      • __vbaLenBstr.MSVBVM60(?), ref: 0044A785
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,00000005,00000000), ref: 0044A79A
                                      • __vbaI4Var.MSVBVM60(00000000), ref: 0044A7A4
                                      • __vbaFreeVar.MSVBVM60 ref: 0044A7B0
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,00000008,00000000), ref: 0044A7CA
                                      • __vbaI4Var.MSVBVM60(00000000), ref: 0044A7D4
                                      • __vbaLateIdSt.MSVBVM60(?,00000008), ref: 0044A80A
                                      • __vbaFreeVar.MSVBVM60 ref: 0044A80F
                                      • __vbaLenBstr.MSVBVM60(?), ref: 0044A819
                                      • __vbaLateIdSt.MSVBVM60(?,00000005), ref: 0044A841
                                      • __vbaLateIdSt.MSVBVM60(?,00000009), ref: 0044A861
                                      • __vbaObjSetAddref.MSVBVM60(?,00000000), ref: 0044A869
                                      • __vbaFreeObj.MSVBVM60(0044A893), ref: 0044A883
                                      • __vbaFreeStr.MSVBVM60 ref: 0044A88C
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Late$Free$AddrefBstrCall$Copy
                                      • String ID: /@
                                      • API String ID: 2971895584-2163338593
                                      • Opcode ID: 98b0cefcdce885f7ce628bebeb9bf317b5db9166f39917ba55519bff380de438
                                      • Instruction ID: 3549d1cdd5ed5bb82415a07c13b883260c68ee4313fe315f78f741a97e191ba7
                                      • Opcode Fuzzy Hash: 98b0cefcdce885f7ce628bebeb9bf317b5db9166f39917ba55519bff380de438
                                      • Instruction Fuzzy Hash: 6D813DB1D00209AFDB04EFA4DE85EEEBBB8FB48700F148519E505B7690D734A945CF95
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0046DA20, Relevance: 56.2, APIs: 30, Strings: 2, Instructions: 244COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 0046DA9D
                                      • __vbaLateIdSt.MSVBVM60(00000000), ref: 0046DAA0
                                      • __vbaFreeObj.MSVBVM60 ref: 0046DAA9
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 0046DAC3
                                      • __vbaLateIdCallLd.MSVBVM60(?,00000000), ref: 0046DACA
                                      • __vbaStrVarMove.MSVBVM60(00000000), ref: 0046DAD4
                                      • __vbaStrMove.MSVBVM60 ref: 0046DADF
                                      • __vbaLenBstr.MSVBVM60(00000000), ref: 0046DAE6
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 0046DB17
                                      • __vbaLateIdSt.MSVBVM60(00000000), ref: 0046DB1A
                                      • __vbaFreeStr.MSVBVM60 ref: 0046DB23
                                      • __vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 0046DB33
                                      • __vbaFreeVar.MSVBVM60 ref: 0046DB3F
                                      • __vbaNew2.MSVBVM60(00407470,?), ref: 0046DB55
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00411700,00000044), ref: 0046DB79
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 0046DB8D
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00411EA8,000000E0), ref: 0046DBB4
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 0046DBC8
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00411EA8,000000E8), ref: 0046DBF9
                                      • #517.MSVBVM60(?), ref: 0046DC03
                                      • __vbaStrMove.MSVBVM60 ref: 0046DC0E
                                      • __vbaStrMove.MSVBVM60(00000006), ref: 0046DC1F
                                      • #616.MSVBVM60(00000000), ref: 0046DC26
                                      • __vbaStrMove.MSVBVM60 ref: 0046DC31
                                      • __vbaStrCmp.MSVBVM60(highli,00000000), ref: 0046DC3D
                                      • __vbaFreeStrList.MSVBVM60(00000004,?,?,?,?), ref: 0046DC62
                                      • __vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 0046DC72
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 0046DCD6
                                      • __vbaLateIdCall.MSVBVM60(00000000), ref: 0046DCD9
                                      • __vbaFreeObj.MSVBVM60 ref: 0046DCE5
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$Move$Late$CheckHresultList$Call$#517#616BstrNew2
                                      • String ID: highli$not be easily read
                                      • API String ID: 742751182-740249810
                                      • Opcode ID: 82440b06333e5cc18cd39e6f47c38206580766202d1c4ac4c532355c83cc73b5
                                      • Instruction ID: 5752a7f3a46a6b9da4c58a8f23f0aff76a04d0fb427d46c849db87d698320749
                                      • Opcode Fuzzy Hash: 82440b06333e5cc18cd39e6f47c38206580766202d1c4ac4c532355c83cc73b5
                                      • Instruction Fuzzy Hash: 1F9151B0D00209AFDB04DFA4C989EEEBBB8FF48701F10855AE505E72A0DB759945CF64
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 004575A0, Relevance: 56.2, APIs: 31, Strings: 1, Instructions: 218COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaRedimVar.MSVBVM60(0000200C,?,00000001,?,00000000), ref: 00457612
                                      • #648.MSVBVM60(?), ref: 0045762D
                                      • __vbaFreeVar.MSVBVM60 ref: 0045763E
                                      • __vbaFileOpen.MSVBVM60(00000001,000000FF,00000000,00000000), ref: 00457648
                                      • #571.MSVBVM60(00000000), ref: 00457652
                                      • __vbaVarIndexLoadRef.MSVBVM60(0000000A,?,00000001), ref: 00457683
                                      • __vbaLineInputVar.MSVBVM60(00000000), ref: 0045768D
                                      • __vbaFreeVar.MSVBVM60 ref: 00457696
                                      • __vbaFileClose.MSVBVM60(00000000), ref: 004576A6
                                      • __vbaVarCopy.MSVBVM60 ref: 004576B2
                                      • __vbaFreeStr.MSVBVM60(004576EB), ref: 004576DB
                                      • __vbaFreeVar.MSVBVM60 ref: 004576E4
                                      • __vbaErrorOverflow.MSVBVM60(00000000), ref: 0045771A
                                      • #648.MSVBVM60(?,?,00000000,?), ref: 00457763
                                      • __vbaFreeVar.MSVBVM60(?,00000000,?), ref: 0045776E
                                      • __vbaFileOpen.MSVBVM60(00000001,000000FF,00000000,?,?,00000000,?), ref: 0045777F
                                      • #571.MSVBVM60(00000000,?,?,00000000,?), ref: 0045778C
                                      • __vbaLineInputStr.MSVBVM60(?,00000000,?,?,00000000,?), ref: 0045779C
                                      • __vbaFileClose.MSVBVM60(00000000,?,?,00000000,?), ref: 004577A9
                                      • __vbaFreeStr.MSVBVM60(004577CA,?,?,00000000,?), ref: 004577C3
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$File$#571#648CloseInputLineOpen$CopyErrorIndexLoadOverflowRedim
                                      • String ID: /@
                                      • API String ID: 1826904589-2163338593
                                      • Opcode ID: 05d9728943565e228f8582a922f63f72fc563758c87e036549654a4762685112
                                      • Instruction ID: 0b598508fd6ccaeabdc2f52a04972486e20f3e152acf523dc0ec7e803e7d73fe
                                      • Opcode Fuzzy Hash: 05d9728943565e228f8582a922f63f72fc563758c87e036549654a4762685112
                                      • Instruction Fuzzy Hash: AF812070900219AFCB00DFA4DE89EDEBB78FF48741F10412AF905B72A1D7785945CBA9
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00476C90, Relevance: 56.2, APIs: 27, Strings: 5, Instructions: 156COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaStrCat.MSVBVM60(004106F8,?), ref: 00476D0F
                                      • __vbaStrMove.MSVBVM60 ref: 00476D1C
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 00476D24
                                      • __vbaStrMove.MSVBVM60 ref: 00476D2B
                                      • __vbaStrCat.MSVBVM60(_______________________________________________________,00000000), ref: 00476D33
                                      • __vbaStrMove.MSVBVM60 ref: 00476D3A
                                      • __vbaStrCat.MSVBVM60(CUSTOMISATION,00000000), ref: 00476D42
                                      • __vbaStrMove.MSVBVM60 ref: 00476D49
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 00476D51
                                      • __vbaStrMove.MSVBVM60 ref: 00476D58
                                      • __vbaStrCat.MSVBVM60( NAME: ,00000000), ref: 00476D60
                                      • __vbaStrMove.MSVBVM60 ref: 00476D67
                                      • __vbaStrCat.MSVBVM60(0047773E,00000000), ref: 00476D6E
                                      • __vbaStrMove.MSVBVM60 ref: 00476D75
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 00476D7D
                                      • __vbaStrMove.MSVBVM60 ref: 00476D84
                                      • __vbaStrCat.MSVBVM60( VERSION: ,00000000), ref: 00476D8C
                                      • __vbaStrMove.MSVBVM60 ref: 00476D93
                                      • __vbaStrCat.MSVBVM60(00477768,00000000), ref: 00476D9A
                                      • __vbaStrMove.MSVBVM60 ref: 00476DA1
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 00476DA9
                                      • __vbaStrMove.MSVBVM60 ref: 00476DB0
                                      • __vbaStrCat.MSVBVM60(DESCRIPTION: ,00000000), ref: 00476DB8
                                      • __vbaStrMove.MSVBVM60 ref: 00476DBF
                                      • __vbaStrCat.MSVBVM60(00477745,00000000), ref: 00476DC6
                                      • __vbaStrMove.MSVBVM60 ref: 00476DCD
                                      • __vbaFreeStrList.MSVBVM60(0000000D,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00476E05
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Move$FreeList
                                      • String ID: NAME: $ VERSION: $CUSTOMISATION$DESCRIPTION: $_______________________________________________________
                                      • API String ID: 4052998853-4284784188
                                      • Opcode ID: b1acd6a837571087e3563b014bb28df735da7329d31c5a9036be46c3e11cc165
                                      • Instruction ID: 425bb7f88615a1d9e91dd2fafb9044843f7ed1b17a3025a38862de4086490c35
                                      • Opcode Fuzzy Hash: b1acd6a837571087e3563b014bb28df735da7329d31c5a9036be46c3e11cc165
                                      • Instruction Fuzzy Hash: C551B9B2D10118AFCB05EBA8CD95DEEBBBDEF88700B10811BF512A3254DAB45945CFA5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 004708B0, Relevance: 54.6, APIs: 30, Strings: 1, Instructions: 379COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 00470912
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,004123E0,00000098), ref: 0047093B
                                      • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00470950
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 0047096F
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,0041122C,00000040), ref: 0047098E
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 004709A4
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00411EA8,000000E0), ref: 004709CB
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,0041123C,0000008C), ref: 004709F8
                                      • __vbaFreeObjList.MSVBVM60(00000003,?,?,?), ref: 00470A08
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 00470A1F
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,0041122C,00000040), ref: 00470A42
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 00470A58
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00411EA8,000000E0), ref: 00470A7F
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,0041123C,0000008C), ref: 00470AAC
                                      • __vbaFreeObjList.MSVBVM60(00000003,?,?,?), ref: 00470ABC
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 00470AD9
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,004123E0,00000098), ref: 00470AFC
                                      • __vbaFreeObj.MSVBVM60 ref: 00470B05
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 00470B22
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,0041122C,00000040), ref: 00470B45
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 00470B5B
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00411EA8,000000E0), ref: 00470B82
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,0041123C,0000008C), ref: 00470BAF
                                      • __vbaFreeObjList.MSVBVM60(00000003,?,?,?), ref: 00470BBF
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 00470BD6
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,0041122C,00000040), ref: 00470BF9
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 00470C0F
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00411EA8,000000E0), ref: 00470C36
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,0041123C,0000008C), ref: 00470C63
                                      • __vbaFreeObjList.MSVBVM60(00000003,?,?,?), ref: 00470C73
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$CheckHresult$Free$List
                                      • String ID: *@
                                      • API String ID: 3690971433-4253423908
                                      • Opcode ID: a3c8997819e0b4f68e51b340b1b53e1ea498d0f1917f03ac9595db086f094277
                                      • Instruction ID: 86b55e292fceb70aa3602b513fa19c263ecff35bcae2274d4805be315f6ab932
                                      • Opcode Fuzzy Hash: a3c8997819e0b4f68e51b340b1b53e1ea498d0f1917f03ac9595db086f094277
                                      • Instruction Fuzzy Hash: D1D17071900205AFDB00DBA5CD89EEFB7BCFF48B00F10852AF645E7191DB78A9458BA4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 004626D0, Relevance: 54.6, APIs: 29, Strings: 2, Instructions: 309COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaObjSetAddref.MSVBVM60(?,?), ref: 00462748
                                      • __vbaStrMove.MSVBVM60 ref: 0046278B
                                      • __vbaFreeStr.MSVBVM60 ref: 004627BD
                                      • __vbaRefVarAry.MSVBVM60(?), ref: 004627DE
                                      • __vbaUbound.MSVBVM60(00000001), ref: 004627E5
                                      • __vbaI2I4.MSVBVM60 ref: 004627ED
                                      • __vbaRefVarAry.MSVBVM60(?), ref: 004627FD
                                      • __vbaLbound.MSVBVM60(00000001), ref: 00462804
                                      • __vbaI2I4.MSVBVM60 ref: 0046280C
                                      • __vbaVarIndexLoad.MSVBVM60(?,?,00000001), ref: 0046284A
                                      • __vbaStrVarMove.MSVBVM60(00000000), ref: 00462854
                                      • __vbaStrMove.MSVBVM60 ref: 0046285F
                                      • __vbaFreeVar.MSVBVM60 ref: 00462868
                                      • __vbaVarIndexLoadRefLock.MSVBVM60(?,?,?,00000001), ref: 004628A9
                                      • __vbaAryUnlock.MSVBVM60(?), ref: 004628D6
                                      • __vbaVarIndexStore.MSVBVM60(?,00000001), ref: 00462917
                                      • __vbaFreeVarList.MSVBVM60(00000002,?,?), ref: 00462927
                                      • __vbaStrCopy.MSVBVM60 ref: 00462951
                                      • __vbaStrCat.MSVBVM60(?,?), ref: 00462974
                                      • __vbaStrMove.MSVBVM60 ref: 0046297F
                                      • __vbaFreeStrList.MSVBVM60(00000003,?,?,?), ref: 004629A0
                                      • __vbaObjSetAddref.MSVBVM60(?,00000000), ref: 004629C7
                                      • __vbaFreeObj.MSVBVM60(00462A2C), ref: 00462A0C
                                      • __vbaFreeVar.MSVBVM60 ref: 00462A15
                                      • __vbaFreeStr.MSVBVM60 ref: 00462A24
                                      • __vbaFreeStr.MSVBVM60 ref: 00462A29
                                      • __vbaErrorOverflow.MSVBVM60 ref: 00462A4B
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,0000001A,00000000), ref: 00462AAD
                                      • __vbaVarMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,Function_00002FE6), ref: 00462ABB
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$Move$Index$AddrefListLoad$CallCopyErrorLateLboundLockOverflowStoreUboundUnlock
                                      • String ID: X%@$/@
                                      • API String ID: 2381780210-15774679
                                      • Opcode ID: 3389149b7d71054750004af41532cc5f537aaa27d31007b73b2ff4df4212b6ba
                                      • Instruction ID: 36b8ac1ee7c76704c8776402018c8e804a5de1d4c9e415004872400e82a66064
                                      • Opcode Fuzzy Hash: 3389149b7d71054750004af41532cc5f537aaa27d31007b73b2ff4df4212b6ba
                                      • Instruction Fuzzy Hash: EFC13EB5D00209EFDB10DF94CA88AEEFBB9FF88300F14856AE905A7250D7706A46CF55
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00407A6F, Relevance: 54.5, APIs: 30, Strings: 1, Instructions: 264COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaLenBstr.MSVBVM60 ref: 00457C1F
                                      • #616.MSVBVM60(00000000,00000001), ref: 00457C32
                                      • __vbaStrMove.MSVBVM60 ref: 00457C3D
                                      • __vbaStrCmp.MSVBVM60(00410724,00000000), ref: 00457C49
                                      • __vbaFreeStr.MSVBVM60 ref: 00457C5B
                                      • #631.MSVBVM60(?,00000002,?), ref: 00457C7D
                                      • __vbaStrMove.MSVBVM60(?,00000002,?), ref: 00457C87
                                      • __vbaFreeVar.MSVBVM60(?,00000002,?), ref: 00457C90
                                      • __vbaVarDup.MSVBVM60(?,00000002,?), ref: 00457CB3
                                      • #711.MSVBVM60(?,?,?,000000FF,00000000), ref: 00457CC8
                                      • __vbaVarMove.MSVBVM60(?,?,000000FF,00000000), ref: 00457CEB
                                      • __vbaFreeVarList.MSVBVM60(00000002,?,?,?,?,000000FF,00000000), ref: 00457CFB
                                      • __vbaRefVarAry.MSVBVM60(?,?,00000000), ref: 00457D0E
                                      • __vbaUbound.MSVBVM60(00000001,?,?,00000000), ref: 00457D15
                                      • __vbaRefVarAry.MSVBVM60(?,?,00000000), ref: 00457D25
                                      • __vbaLbound.MSVBVM60(00000001,?,?,00000000), ref: 00457D2C
                                      • __vbaRefVarAry.MSVBVM60(?,?,?,00000000), ref: 00457D52
                                      • __vbaUbound.MSVBVM60(00000001,?,?,?,00000000), ref: 00457D59
                                      • __vbaVarIndexLoad.MSVBVM60(?,?,00000001), ref: 00457DBF
                                      • __vbaVarIndexLoad.MSVBVM60(?,?,00000001), ref: 00457DEB
                                      • __vbaVarTstEq.MSVBVM60(00000000), ref: 00457DF1
                                      • __vbaFreeVarList.MSVBVM60(00000002,?,?), ref: 00457E03
                                      • __vbaRefVarAry.MSVBVM60(?), ref: 00457E33
                                      • __vbaUbound.MSVBVM60(00000001), ref: 00457E3E
                                      • __vbaStrCat.MSVBVM60(00410724,?,?,?,?,00000000), ref: 00457E6F
                                      • __vbaVarIndexLoad.MSVBVM60(?,?,00000001,?,?,?,?,?,00000000), ref: 00457EBD
                                      • __vbaVarCat.MSVBVM60(?,00000000), ref: 00457ECA
                                      • __vbaStrVarMove.MSVBVM60(00000000), ref: 00457ED1
                                      • __vbaStrMove.MSVBVM60 ref: 00457EDC
                                      • __vbaFreeVarList.MSVBVM60(00000003,00000008,?,?), ref: 00457EF3
                                      • #631.MSVBVM60(?,00000002,?,?,?,00000000), ref: 00457F32
                                      • __vbaStrMove.MSVBVM60(?,?,00000000), ref: 00457F3D
                                      • __vbaFreeVar.MSVBVM60(?,?,00000000), ref: 00457F4C
                                      • __vbaVarDup.MSVBVM60(?,?,00000000), ref: 00457F6B
                                      • #711.MSVBVM60(?,00412C18,?,000000FF,00000000), ref: 00457FB8
                                      • __vbaVarMove.MSVBVM60 ref: 00457FC4
                                      • __vbaFreeVar.MSVBVM60 ref: 00457FCD
                                      • __vbaFreeStr.MSVBVM60(00458027), ref: 00458010
                                      • __vbaFreeVar.MSVBVM60 ref: 0045801F
                                      • __vbaFreeVar.MSVBVM60 ref: 00458024
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$Move$IndexListLoadUbound$#631#711$#616BstrLbound
                                      • String ID: /@
                                      • API String ID: 1261631592-2163338593
                                      • Opcode ID: ca13c412d23443cff0008d1ed638df54132ba1910872439575ddef91c1dd4701
                                      • Instruction ID: d1bec530da8a6c3bfb905d3a8f3844a320545c4d1eaf9975a9039c52d7b57e88
                                      • Opcode Fuzzy Hash: ca13c412d23443cff0008d1ed638df54132ba1910872439575ddef91c1dd4701
                                      • Instruction Fuzzy Hash: 82B15BB59002199FDB04DFA4DC85BEEBBB8FF48700F10816AE909A7351EB745989CF94
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0044CC40, Relevance: 54.5, APIs: 28, Strings: 3, Instructions: 215COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,004017F0,00410EB8,00000088), ref: 0044CCA2
                                      • __vbaObjSetAddref.MSVBVM60(?,00000000), ref: 0044CCB0
                                      • __vbaLateIdSt.MSVBVM60(?,00000003), ref: 0044CCE2
                                      • __vbaLateIdSt.MSVBVM60(?,00000017), ref: 0044CD01
                                      • __vbaLateIdSt.MSVBVM60(?,00000001), ref: 0044CD23
                                      • __vbaLateIdSt.MSVBVM60(?,00000005), ref: 0044CD46
                                      • __vbaLateIdSt.MSVBVM60(?,00000004), ref: 0044CD68
                                      • __vbaLateIdCall.MSVBVM60(?,0000001E,00000000), ref: 0044CD72
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,00000001,00000000), ref: 0044CD8A
                                      • __vbaStrVarMove.MSVBVM60(?,00000002), ref: 0044CD95
                                      • __vbaStrMove.MSVBVM60 ref: 0044CDA6
                                      • #616.MSVBVM60(00000000), ref: 0044CDA9
                                      • __vbaStrMove.MSVBVM60 ref: 0044CDB4
                                      • __vbaStrCmp.MSVBVM60(00413214,00000000), ref: 0044CDBC
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,00000001,00000000), ref: 0044CDD8
                                      • __vbaStrVarMove.MSVBVM60(00000000), ref: 0044CDDE
                                      • __vbaStrMove.MSVBVM60 ref: 0044CDE9
                                      • __vbaLenBstr.MSVBVM60(00000000), ref: 0044CDEC
                                      • __vbaFreeStrList.MSVBVM60(00000003,?,?,?), ref: 0044CE0C
                                      • __vbaFreeVarList.MSVBVM60(00000002,?,?), ref: 0044CE1C
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,00000001,00000000), ref: 0044CE36
                                      • __vbaStrVarMove.MSVBVM60(00000000), ref: 0044CE3C
                                      • __vbaStrMove.MSVBVM60 ref: 0044CE47
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,004017F0,00410EB8,00000064), ref: 0044CE63
                                      • __vbaFreeStr.MSVBVM60 ref: 0044CE6C
                                      • __vbaFreeVar.MSVBVM60 ref: 0044CE75
                                      • __vbaObjSetAddref.MSVBVM60(?,00000000), ref: 0044CE81
                                      • __vbaFreeObj.MSVBVM60(0044CEC0), ref: 0044CEB9
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Late$Move$Free$Call$AddrefCheckHresultList$#616Bstr
                                      • String ID: *.rtf$.rtf$All files(*.*)|Rich Text Format$(*.rtf)
                                      • API String ID: 1679148875-3630224823
                                      • Opcode ID: d22765052b91f051ae13af4806b416b348f981b2d416243150aa46f08909bb5e
                                      • Instruction ID: 7ca34ba458590c07c444af86e31c89e0c146322c7009e1684e41bd3e67e212f4
                                      • Opcode Fuzzy Hash: d22765052b91f051ae13af4806b416b348f981b2d416243150aa46f08909bb5e
                                      • Instruction Fuzzy Hash: FC81FF71A10205AFDB00DFA4CD85FAEFBB8FF48700F14855AE509EB291DB74A985CB94
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00407D7B, Relevance: 54.5, APIs: 22, Strings: 9, Instructions: 206COMMON
                                      Download Yara Rule
                                      APIs
                                      • #593.MSVBVM60(?,660E6C30,660E6A76,660E6C4A), ref: 0045F02B
                                      • __vbaFpR8.MSVBVM60 ref: 0045F031
                                      • __vbaFreeVar.MSVBVM60 ref: 0045F063
                                      • #593.MSVBVM60(?), ref: 0045F080
                                      • __vbaRedim.MSVBVM60(00000880,00000010,?,00000000,00000001,00000007,00000000), ref: 0045F0B3
                                      • __vbaVarCopy.MSVBVM60 ref: 0045F0DF
                                      • __vbaVarCopy.MSVBVM60 ref: 0045F10B
                                      • __vbaVarCopy.MSVBVM60 ref: 0045F131
                                      • __vbaVarCopy.MSVBVM60 ref: 0045F15A
                                      • __vbaVarCopy.MSVBVM60 ref: 0045F183
                                      • __vbaVarCopy.MSVBVM60 ref: 0045F1AC
                                      • __vbaVarCopy.MSVBVM60 ref: 0045F1D5
                                      • __vbaVarCopy.MSVBVM60 ref: 0045F202
                                      • __vbaFPInt.MSVBVM60(?), ref: 0045F21E
                                      • #665.MSVBVM60(?), ref: 0045F23C
                                      • __vbaErase.MSVBVM60(00000000,?), ref: 0045F248
                                      • __vbaVarCat.MSVBVM60(?,?,?), ref: 0045F25D
                                      • __vbaStrVarMove.MSVBVM60(00000000), ref: 0045F264
                                      • __vbaStrMove.MSVBVM60 ref: 0045F274
                                      • __vbaFreeVarList.MSVBVM60(00000003,?,?,?), ref: 0045F284
                                      • __vbaStrCat.MSVBVM60(\ulnone), ref: 0045F298
                                      • __vbaStrMove.MSVBVM60 ref: 0045F2A2
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Copy$Move$#593Free$#665EraseListRedim
                                      • String ID: \ul$\uld$\uldash$\uldashd$\uldashdd$\ulhair$\ulnone$\ulth$\ulwave
                                      • API String ID: 2058473216-1932914453
                                      • Opcode ID: b62fe3807e1844390acd8021d36e4ef86320057ca469600be3c5e501ea46e233
                                      • Instruction ID: 199b68ae693b0b69f6bf1ae10ed28144a39e3c4d37d274736a86d66ee220874d
                                      • Opcode Fuzzy Hash: b62fe3807e1844390acd8021d36e4ef86320057ca469600be3c5e501ea46e233
                                      • Instruction Fuzzy Hash: C1911BB0D00229DFDB14CF58CA58BADBBB5FF48300F1181AAE60ABB251D774AA45CF55
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00479150, Relevance: 51.1, APIs: 24, Strings: 5, Instructions: 350COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00402DB8,00411D10,00000048), ref: 004791D7
                                      • __vbaStrCopy.MSVBVM60 ref: 004791EB
                                      • __vbaVargVar.MSVBVM60(?), ref: 00479221
                                      • __vbaLateMemCallLd.MSVBVM60(?,00479966,Buttons,00000001), ref: 00479274
                                      • __vbaVarLateMemCallLd.MSVBVM60(?,00000000), ref: 00479282
                                      • __vbaVarZero.MSVBVM60 ref: 00479290
                                      • __vbaFreeVar.MSVBVM60 ref: 0047929F
                                      • __vbaVarLateMemSt.MSVBVM60(?,Text), ref: 004792EC
                                      • __vbaFreeVar.MSVBVM60 ref: 004792F1
                                      • __vbaVarLateMemSt.MSVBVM60(?,Enabled), ref: 004793A8
                                      • __vbaFreeVar.MSVBVM60 ref: 004793AD
                                      • __vbaVargVar.MSVBVM60(?), ref: 004793D3
                                      • __vbaLateMemCallLd.MSVBVM60(?,00479966,Buttons,00000001), ref: 00479426
                                      • __vbaVarLateMemCallLd.MSVBVM60(?,00000000), ref: 00479434
                                      • __vbaVarZero.MSVBVM60 ref: 00479445
                                      • __vbaFreeVar.MSVBVM60 ref: 0047944E
                                      • __vbaVarLateMemSt.MSVBVM60(?,Text), ref: 0047949C
                                      • __vbaFreeVar.MSVBVM60 ref: 004794A1
                                      • __vbaVarLateMemSt.MSVBVM60(?,Enabled), ref: 004794F0
                                      • __vbaFreeVar.MSVBVM60 ref: 004794F5
                                      • __vbaLateMemSt.MSVBVM60(00479966,Enabled), ref: 00479524
                                      • __vbaFreeVarList.MSVBVM60(00000002,?,?,00479577), ref: 0047956D
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Late$Free$Call$VargZero$CheckCopyHresultList
                                      • String ID: ButtonMenus$Buttons$Enabled$Text$/@
                                      • API String ID: 1317623588-3500543923
                                      • Opcode ID: 6fcda787b883f5bf9dffdba7426bbcb7eb5923d96b86ce43740847293d70120e
                                      • Instruction ID: b4bbe356d483f891347fd13dcfbec449e83ec006436b92234a8d55f58f5abeef
                                      • Opcode Fuzzy Hash: 6fcda787b883f5bf9dffdba7426bbcb7eb5923d96b86ce43740847293d70120e
                                      • Instruction Fuzzy Hash: 58E117B09002099FDB04DFA8C984AEEFBB5FF48300F24855EE509AB351D775A986CF94
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 004759B0, Relevance: 51.0, APIs: 27, Strings: 2, Instructions: 249COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaNew2.MSVBVM60(00411FE4,00482EE8), ref: 00475A27
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00411FD4,00000014), ref: 00475A52
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00412A60,000000D0), ref: 00475A80
                                      • __vbaStrCopy.MSVBVM60 ref: 00475A8B
                                      • __vbaFreeStr.MSVBVM60 ref: 00475A94
                                      • __vbaFreeObj.MSVBVM60 ref: 00475A9D
                                      • __vbaNew2.MSVBVM60(00411FE4,00482EE8), ref: 00475AB5
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00411FD4,00000014), ref: 00475ADA
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00412A60,000000D8), ref: 00475B00
                                      • __vbaNew2.MSVBVM60(00411FE4,00482EE8), ref: 00475B14
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00411FD4,00000014), ref: 00475B39
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00412A60,000000F8), ref: 00475B5F
                                      • __vbaNew2.MSVBVM60(00411FE4,00482EE8), ref: 00475B73
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00411FD4,00000014), ref: 00475B98
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00412A60,00000058), ref: 00475BB8
                                      • __vbaStrCat.MSVBVM60(00418324,?), ref: 00475BC9
                                      • __vbaStrMove.MSVBVM60 ref: 00475BD6
                                      • __vbaStrCat.MSVBVM60(?,00000000), ref: 00475BDD
                                      • __vbaStrMove.MSVBVM60 ref: 00475BE4
                                      • __vbaStrCat.MSVBVM60(00418324,00000000), ref: 00475BEC
                                      • __vbaStrMove.MSVBVM60 ref: 00475BF3
                                      • __vbaStrCat.MSVBVM60(?,00000000), ref: 00475BFA
                                      • __vbaStrMove.MSVBVM60 ref: 00475C01
                                      • __vbaStrCopy.MSVBVM60 ref: 00475C11
                                      • __vbaFreeStrList.MSVBVM60(00000007,?,?,?,?,?,?,?), ref: 00475C31
                                      • __vbaFreeObjList.MSVBVM60(00000003,?,?,?), ref: 00475C45
                                      • __vbaStrCopy.MSVBVM60 ref: 00475C56
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$CheckHresult$FreeMoveNew2$Copy$List
                                      • String ID: 0,@$1.0.0.0
                                      • API String ID: 4072739145-1860763710
                                      • Opcode ID: 4fd3dd646ee2003049d91cb2acd6877415ccbae0e3f243abe5c568dc213f64df
                                      • Instruction ID: 3c26ca6e961df5239ac5318375d78a3d27ef68a579b8a22eb0931544a2c24c6c
                                      • Opcode Fuzzy Hash: 4fd3dd646ee2003049d91cb2acd6877415ccbae0e3f243abe5c568dc213f64df
                                      • Instruction Fuzzy Hash: 77915271E00209AFCB10DF95CD85DEEBBB9FF58704B20852AF505F71A0D6B46949CBA8
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00463A20, Relevance: 51.0, APIs: 27, Strings: 2, Instructions: 238COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaStrMove.MSVBVM60 ref: 00463A83
                                      • __vbaInStr.MSVBVM60(00000000,\uc,?,00000001), ref: 00463A91
                                      • __vbaStrCat.MSVBVM60(004106F8,00414620,00000001), ref: 00463ABC
                                      • __vbaStrMove.MSVBVM60 ref: 00463AC7
                                      • #631.MSVBVM60(?,-00000001,00000002,00000000), ref: 00463AD3
                                      • __vbaStrMove.MSVBVM60 ref: 00463ADE
                                      • __vbaInStr.MSVBVM60(00000000,00000000), ref: 00463AE2
                                      • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 00463AFB
                                      • __vbaFreeVar.MSVBVM60 ref: 00463B07
                                      • #631.MSVBVM60(?,-00000001,00000002), ref: 00463B36
                                      • __vbaStrMove.MSVBVM60 ref: 00463B41
                                      • __vbaStrCmp.MSVBVM60(00412B64,00000000), ref: 00463B49
                                      • __vbaFreeStr.MSVBVM60 ref: 00463B5B
                                      • __vbaFreeVar.MSVBVM60 ref: 00463B64
                                      • #616.MSVBVM60(?,-00000001), ref: 00463B7D
                                      • __vbaStrMove.MSVBVM60 ref: 00463B88
                                      • #631.MSVBVM60(?,-00000002,00000002), ref: 00463BAB
                                      • __vbaStrMove.MSVBVM60 ref: 00463BB6
                                      • __vbaStrMove.MSVBVM60(?,000000FF,00000000), ref: 00463BD7
                                      • #711.MSVBVM60(?,00000000), ref: 00463BDE
                                      • __vbaVargVarMove.MSVBVM60 ref: 00463BEA
                                      • __vbaFreeStrList.MSVBVM60(00000002,?,00000000), ref: 00463BFA
                                      • __vbaFreeVarList.MSVBVM60(00000002,00000002,?), ref: 00463C0A
                                      • __vbaFreeStr.MSVBVM60(00463C4C), ref: 00463C45
                                      • __vbaErrorOverflow.MSVBVM60 ref: 00463C61
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,004026A8,00411700,0000004C), ref: 00463CC1
                                      • __vbaLateIdSt.MSVBVM60(004642FD,0000000D), ref: 00463CEE
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Move$Free$#631List$#616#711CheckErrorHresultLateOverflowVarg
                                      • String ID: \uc$/@
                                      • API String ID: 77107664-4134482460
                                      • Opcode ID: 570060f24f6c20506cc0f602dd49ecef280477c8a4fdabfcb8928d637aadce2f
                                      • Instruction ID: 39fcd07b1e6b721bd8942abb4bea608e67d8b8154c25a9706f4d7bb0a1edaa7a
                                      • Opcode Fuzzy Hash: 570060f24f6c20506cc0f602dd49ecef280477c8a4fdabfcb8928d637aadce2f
                                      • Instruction Fuzzy Hash: 91913DB5900219AFDB04DFA4DD88EEEBBB8FF48B01F10411AF905B7290D7785945CBA9
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00450F50, Relevance: 51.0, APIs: 27, Strings: 2, Instructions: 228COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaRefVarAry.MSVBVM60(?), ref: 00450FA8
                                      • __vbaUbound.MSVBVM60(00000001), ref: 00450FAF
                                      • __vbaRefVarAry.MSVBVM60(?), ref: 00450FBC
                                      • __vbaLbound.MSVBVM60(00000001,?), ref: 00450FC3
                                      • __vbaVarIndexLoad.MSVBVM60(?,?,00000001), ref: 0045100B
                                      • __vbaVarTstNe.MSVBVM60(00008008,00000000), ref: 00451019
                                      • __vbaFreeVar.MSVBVM60 ref: 00451024
                                      • __vbaVarIndexLoad.MSVBVM60(?,?,00000001), ref: 00451072
                                      • __vbaVarCat.MSVBVM60(?,00000000), ref: 00451086
                                      • __vbaVarCat.MSVBVM60(?,?,00000000), ref: 00451091
                                      • __vbaStrVarMove.MSVBVM60(00000000), ref: 00451094
                                      • __vbaStrMove.MSVBVM60 ref: 0045109F
                                      • __vbaFreeVarList.MSVBVM60(00000003,?,?,?), ref: 004510B3
                                      • __vbaLenBstr.MSVBVM60(?), ref: 004510E0
                                      • #618.MSVBVM60(?,00000000), ref: 004510E7
                                      • __vbaStrMove.MSVBVM60 ref: 004510F2
                                      • __vbaStrCmp.MSVBVM60(?,00000000), ref: 004510FC
                                      • __vbaFreeStr.MSVBVM60(?,00000000), ref: 0045110E
                                      • __vbaLenBstr.MSVBVM60(00000000,?,00000000), ref: 0045111C
                                      • __vbaLenBstr.MSVBVM60(?,?,00000000), ref: 00451124
                                      • #616.MSVBVM60(?,00000000,?,00000000), ref: 0045112F
                                      • __vbaStrMove.MSVBVM60(?,00000000), ref: 0045113A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Move$BstrFree$IndexLoad$#616#618LboundListUbound
                                      • String ID: ~!~!~!*~!$/@
                                      • API String ID: 58673345-3204139715
                                      • Opcode ID: 0410bf864f38b6c61204f0cafb1092cfb8ff3de1d5757a9afce8d5c713a60261
                                      • Instruction ID: 518e68bde43f10449b0cee44944fe734927202868f3f47406673eedd28e8e820
                                      • Opcode Fuzzy Hash: 0410bf864f38b6c61204f0cafb1092cfb8ff3de1d5757a9afce8d5c713a60261
                                      • Instruction Fuzzy Hash: 7E914AB5D00209DFCB00DFA4D984AAEBBB8FF48700F10856AE906F7265DB789945CF94
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0047E300, Relevance: 49.7, APIs: 33, Instructions: 223COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaStrCopy.MSVBVM60 ref: 0047E371
                                      • __vbaStrCopy.MSVBVM60 ref: 0047E37B
                                      • __vbaNew2.MSVBVM60(00411FE4,00482EE8), ref: 0047E38F
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00411FD4,00000014), ref: 0047E3B4
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00412A60,00000058), ref: 0047E3D8
                                      • __vbaStrMove.MSVBVM60 ref: 0047E3ED
                                      • __vbaFreeObj.MSVBVM60 ref: 0047E3F2
                                      • __vbaNew2.MSVBVM60(00411FE4,00482EE8), ref: 0047E40A
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00411FD4,00000014), ref: 0047E42F
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00412A60,00000050), ref: 0047E453
                                      • __vbaStrMove.MSVBVM60 ref: 0047E462
                                      • __vbaFreeObj.MSVBVM60 ref: 0047E467
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00402E80,004194CC,00000700), ref: 0047E492
                                      • __vbaStrMove.MSVBVM60 ref: 0047E4A1
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00402E80,004194CC,00000700), ref: 0047E4C5
                                      • __vbaStrMove.MSVBVM60 ref: 0047E4D4
                                      • __vbaStrCat.MSVBVM60(?,?,?), ref: 0047E4E8
                                      • __vbaStrMove.MSVBVM60 ref: 0047E4EF
                                      • __vbaStrCat.MSVBVM60(?,00000000), ref: 0047E4F6
                                      • __vbaStrMove.MSVBVM60 ref: 0047E4FD
                                      • __vbaStrCat.MSVBVM60(00000000), ref: 0047E500
                                      • __vbaStrMove.MSVBVM60 ref: 0047E507
                                      • __vbaStrCat.MSVBVM60(?,?,00000000), ref: 0047E512
                                      • __vbaStrMove.MSVBVM60 ref: 0047E519
                                      • __vbaStrCat.MSVBVM60(00000000), ref: 0047E51C
                                      • __vbaVarMove.MSVBVM60 ref: 0047E52E
                                      • __vbaFreeStrList.MSVBVM60(00000004,?,?,?,?), ref: 0047E546
                                      • __vbaFreeStr.MSVBVM60(0047E5B8), ref: 0047E59C
                                      • __vbaFreeStr.MSVBVM60 ref: 0047E5A1
                                      • __vbaFreeStr.MSVBVM60 ref: 0047E5A6
                                      • __vbaFreeStr.MSVBVM60 ref: 0047E5AB
                                      • __vbaFreeStr.MSVBVM60 ref: 0047E5B0
                                      • __vbaFreeStr.MSVBVM60 ref: 0047E5B5
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$FreeMove$CheckHresult$CopyNew2$List
                                      • String ID:
                                      • API String ID: 2359411555-0
                                      • Opcode ID: 306150f15cd5f569ed7ac77b32957358cddf1a82b6cf9943a40e38c19ef00c29
                                      • Instruction ID: ba7840bb3a8b39720298bcf1c3a28a1e3dc11379aa76548ad0fce9f19acc34c7
                                      • Opcode Fuzzy Hash: 306150f15cd5f569ed7ac77b32957358cddf1a82b6cf9943a40e38c19ef00c29
                                      • Instruction Fuzzy Hash: 7C8108B5D00219EFCB04DBA4DD849EEBB79FF58704F10811AF506A72A0DBB46946CF94
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0044D4A0, Relevance: 49.3, APIs: 26, Strings: 2, Instructions: 263COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaObjSetAddref.MSVBVM60(?,0044DE72), ref: 0044D500
                                      • __vbaLateIdSt.MSVBVM60(?,00000003), ref: 0044D53B
                                      • __vbaLateIdSt.MSVBVM60(?,00000007), ref: 0044D56C
                                      • __vbaLateIdSt.MSVBVM60(?,00000017), ref: 0044D59A
                                      • __vbaLateIdSt.MSVBVM60(?,00000005), ref: 0044D5C9
                                      • __vbaLateIdSt.MSVBVM60(?,00000004), ref: 0044D5FA
                                      • __vbaVarDup.MSVBVM60 ref: 0044D61D
                                      • __vbaStrCmp.MSVBVM60(0008000E,0044E2B2), ref: 0044D62B
                                      • #681.MSVBVM60(?,?,?,00004008), ref: 0044D653
                                      • __vbaStrVarMove.MSVBVM60(?), ref: 0044D65D
                                      • __vbaLateIdSt.MSVBVM60(?,00000001), ref: 0044D68D
                                      • __vbaFreeVarList.MSVBVM60(00000004,0000000B,?,?,?), ref: 0044D6A1
                                      • __vbaLateIdCall.MSVBVM60(?,0000001F,00000000), ref: 0044D6B1
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,00000001,00000000), ref: 0044D6C5
                                      • __vbaStrVarMove.MSVBVM60(00000000), ref: 0044D6CF
                                      • __vbaStrMove.MSVBVM60 ref: 0044D6DA
                                      • __vbaLenBstr.MSVBVM60(00000000), ref: 0044D6E1
                                      • __vbaFreeStr.MSVBVM60 ref: 0044D6F4
                                      • __vbaFreeVar.MSVBVM60 ref: 0044D6FD
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,00000001,00000000), ref: 0044D71B
                                      • __vbaStrVarMove.MSVBVM60(00000000), ref: 0044D725
                                      • __vbaLateIdSt.MSVBVM60(00000000,00000013), ref: 0044D752
                                      • __vbaFreeVarList.MSVBVM60(00000002,?,?), ref: 0044D75E
                                      • __vbaLateIdCall.MSVBVM60(00000000,00000026,00000001), ref: 0044D79C
                                      • __vbaObjSetAddref.MSVBVM60(?,00000000), ref: 0044D7B4
                                      • __vbaFreeObj.MSVBVM60(0044D7EF), ref: 0044D7E8
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Late$Free$CallMove$AddrefList$#681Bstr
                                      • String ID: .rtf$All files(*.*)|Rich Text Format$(*.rtf)
                                      • API String ID: 427329179-1305274904
                                      • Opcode ID: 5d82abb8ebcf1172f952d1d337a334247e1397b8f1579cecb9c4e939c143bc63
                                      • Instruction ID: b33d7ae393a5e379e1a0ddc4d3d094702cbea8f81a71b094d71a2ec9516f626e
                                      • Opcode Fuzzy Hash: 5d82abb8ebcf1172f952d1d337a334247e1397b8f1579cecb9c4e939c143bc63
                                      • Instruction Fuzzy Hash: 73B11BB1D002099FDB04DFA8D985AADFBB4FF48300F14866EE50AAB395D774A984CF54
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00444520, Relevance: 47.6, APIs: 25, Strings: 2, Instructions: 367COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaNew2.MSVBVM60(00406DD0,00482024,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00444572
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00410EB8,0000005C,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 004445C1
                                      • __vbaErrorOverflow.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 004445ED
                                      • __vbaNew2.MSVBVM60(00406DD0,00482024,?,00000000), ref: 00444684
                                      • __vbaNew2.MSVBVM60(00406DD0,00482024,?,00000000), ref: 004446A0
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00410EB8,000000BC,?,00000000), ref: 004446CB
                                      • __vbaVarNot.MSVBVM60(?,?,?,00000000), ref: 004446DB
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00410EB8,000000C0), ref: 00444715
                                      • __vbaFreeVar.MSVBVM60 ref: 0044471E
                                      • __vbaNew2.MSVBVM60(00406DD0,00482024,?,00000000), ref: 0044473D
                                      • __vbaNew2.MSVBVM60(00406DD0,00482024,?,00000000), ref: 00444759
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00410EB8,000000B8,?,00000000), ref: 00444784
                                      • __vbaVarNot.MSVBVM60(?,?,?,00000000), ref: 00444794
                                      • __vbaNew2.MSVBVM60(00406DD0,00482024,?,00000000), ref: 004447E2
                                      • __vbaStrCopy.MSVBVM60(?,00000000), ref: 00444803
                                      • __vbaStrCopy.MSVBVM60(?,00000000), ref: 0044480D
                                      • __vbaStrCopy.MSVBVM60(?,00000000), ref: 00444817
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00410EB8,00000020,?,00000000), ref: 0044483E
                                      • __vbaFreeStrList.MSVBVM60(00000003,?,?,?,?,00000000), ref: 00444852
                                      • __vbaNew2.MSVBVM60(00406DD0,00482024,?,00000000), ref: 00444872
                                      • __vbaNew2.MSVBVM60(00406DD0,00482024,?,00000000), ref: 004448B4
                                      • __vbaNew2.MSVBVM60(00406DD0,00482024,?,00000000), ref: 004448D0
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00410EB8,000000CC,?,00000000), ref: 004448FB
                                      • __vbaNew2.MSVBVM60(00406AD0,004820C0,?,00000000), ref: 00444939
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00410EB8,000000A8,?,00000000), ref: 0044499D
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$New2$CheckHresult$Copy$Free$ErrorListOverflow
                                      • String ID: <\b>$<b>
                                      • API String ID: 2860227000-2626912829
                                      • Opcode ID: 1877dc624132dd1537f1d665abae62106505badc08d9d7c7ddb73cceb4a736eb
                                      • Instruction ID: 8889278df27f7e4b5019980fe540b1085096777e7f1c79c8ffc63e0f321f39da
                                      • Opcode Fuzzy Hash: 1877dc624132dd1537f1d665abae62106505badc08d9d7c7ddb73cceb4a736eb
                                      • Instruction Fuzzy Hash: 27D17175A00204EFDB11EF64CA89A9EBBF4FF49705F20856EE905B73A0C7789845CB58
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0045B640, Relevance: 47.6, APIs: 26, Strings: 1, Instructions: 331COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaChkstk.MSVBVM60(?,00402FE6), ref: 0045B65E
                                      • __vbaOnError.MSVBVM60(000000FF,?,?,?,?,00402FE6), ref: 0045B68E
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00411700,000000CC), ref: 0045B6DD
                                      • __vbaLbound.MSVBVM60(00000001,00000000), ref: 0045B6FE
                                      • __vbaUbound.MSVBVM60(00000001,00000000), ref: 0045B735
                                      • __vbaLbound.MSVBVM60(00000001), ref: 0045B745
                                      • _adj_fdiv_m64.MSVBVM60 ref: 0045B77C
                                      • __vbaForEachAry.MSVBVM60(00000003,?,?,?), ref: 0045B7B4
                                      • _adj_fdiv_m64.MSVBVM60(?,?), ref: 0045B809
                                      • #582.MSVBVM60(?,00402FE6), ref: 0045B81E
                                      • __vbaFpI2.MSVBVM60(?,00402FE6), ref: 0045B872
                                      • __vbaExitEachAry.MSVBVM60(?), ref: 0045B89E
                                      • #588.MSVBVM60(?,?,?,?,00402FE6), ref: 0045B9E5
                                      • __vbaNextEachAry.MSVBVM60(00000003,?,?,?,?,00402FE6), ref: 0045BA23
                                      • __vbaOnError.MSVBVM60(00000000), ref: 0045BA3F
                                      • __vbaAryUnlock.MSVBVM60(?,0045BA5F), ref: 0045BA4F
                                      • __vbaFreeVar.MSVBVM60 ref: 0045BA58
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Each$ErrorLbound_adj_fdiv_m64$#582#588CheckChkstkExitFreeHresultNextUboundUnlock
                                      • String ID: /@
                                      • API String ID: 1372923659-2163338593
                                      • Opcode ID: 2d7bcb332b01486e066073b3d8fc2cb34a30c5d43297ce2444c2981a10cbc3bf
                                      • Instruction ID: b179a6c27257b5b60ebf567bda8246adca922a840b29a4ccac4888aa9400e389
                                      • Opcode Fuzzy Hash: 2d7bcb332b01486e066073b3d8fc2cb34a30c5d43297ce2444c2981a10cbc3bf
                                      • Instruction Fuzzy Hash: D6E17D74900208EFDB04DF94DA88BEEBBB4FF48305F10819AE945A72A1CB745E99CF54
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00407ABD, Relevance: 47.5, APIs: 26, Strings: 1, Instructions: 231COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaObjSetAddref.MSVBVM60(?,00080001), ref: 00458B89
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,0000000B,00000000), ref: 00458BB7
                                      • __vbaStrVarMove.MSVBVM60(00000000), ref: 00458BC1
                                      • __vbaStrMove.MSVBVM60 ref: 00458BCC
                                      • __vbaFreeVar.MSVBVM60 ref: 00458BD5
                                      • __vbaInStr.MSVBVM60(00000000,\fs,?,00000001), ref: 00458BE7
                                      • #631.MSVBVM60(?,-00000004,?), ref: 00458C25
                                      • #561.MSVBVM60(?), ref: 00458C39
                                      • __vbaFreeVarList.MSVBVM60(00000002,00000002,00000008), ref: 00458C4F
                                      • __vbaInStr.MSVBVM60(00000000,0041071C,?,00000000), ref: 00458C70
                                      • #631.MSVBVM60(?,-00000003,00000002), ref: 00458CA9
                                      • __vbaStrMove.MSVBVM60 ref: 00458CB4
                                      • __vbaFreeVar.MSVBVM60 ref: 00458CBD
                                      • #581.MSVBVM60(?), ref: 00458CC7
                                      • __vbaFpI2.MSVBVM60 ref: 00458CF3
                                      • __vbaFreeVarList.MSVBVM60(00000002,00000003,00000008), ref: 00458D41
                                      • __vbaStrI2.MSVBVM60(?,-00000003,-00000003,?), ref: 00458D70
                                      • __vbaStrMove.MSVBVM60 ref: 00458D7B
                                      • __vbaMidStmtBstr.MSVBVM60(00000000,00000000), ref: 00458D84
                                      • __vbaFreeStr.MSVBVM60 ref: 00458D8D
                                      • __vbaInStr.MSVBVM60(00000000,\fs,?,-00000001), ref: 00458DA9
                                      • __vbaLateIdSt.MSVBVM60(?,0000000B), ref: 00458DE0
                                      • __vbaObjSetAddref.MSVBVM60(?,00000000), ref: 00458E04
                                      • __vbaFreeObj.MSVBVM60(00458E4C), ref: 00458E35
                                      • __vbaFreeStr.MSVBVM60 ref: 00458E44
                                      • __vbaFreeStr.MSVBVM60 ref: 00458E49
                                      • __vbaErrorOverflow.MSVBVM60(?), ref: 00458E70
                                      • __vbaLateIdCallLd.MSVBVM60(?,0045956F,00000009,00000000), ref: 00458EC8
                                      • __vbaStrVarMove.MSVBVM60(00000000), ref: 00458ED2
                                      • __vbaLateIdSt.MSVBVM60(0045956F,0000000B), ref: 00458EFF
                                      • __vbaFreeVarList.MSVBVM60(00000002,?,?), ref: 00458F0F
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$Move$Late$List$#631AddrefCall$#561#581BstrErrorOverflowStmt
                                      • String ID: \fs
                                      • API String ID: 2566698707-1615651425
                                      • Opcode ID: bb6e8f2a1e0961be9e6228bb21493d76914883242f46267cb51e753d24a30abd
                                      • Instruction ID: 9992002c09da9c504b1fb39140888918e9da7ef633c02028eb371820c93a9cf3
                                      • Opcode Fuzzy Hash: bb6e8f2a1e0961be9e6228bb21493d76914883242f46267cb51e753d24a30abd
                                      • Instruction Fuzzy Hash: D7914BB19002299BDB14DFA4DD89AEEBBB8FF48701F00815AE805F7251DB745989CFA4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00407B0B, Relevance: 47.4, APIs: 24, Strings: 3, Instructions: 150COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaStrMove.MSVBVM60 ref: 00459617
                                      • #616.MSVBVM60(?,00459D30), ref: 00459621
                                      • __vbaStrMove.MSVBVM60 ref: 0045962C
                                      • __vbaInStr.MSVBVM60(00000000,{\fonttbl,?,00000001), ref: 00459640
                                      • __vbaInStr.MSVBVM60(00000000,{\colortbl,?,00000001), ref: 00459651
                                      • __vbaInStr.MSVBVM60(00000000,;}},?,?), ref: 00459665
                                      • #631.MSVBVM60(?,00000000,?), ref: 0045968C
                                      • __vbaStrMove.MSVBVM60 ref: 00459697
                                      • __vbaFreeVar.MSVBVM60 ref: 0045969C
                                      • __vbaInStr.MSVBVM60(00000000,{\colortbl,?,00000001), ref: 004596AE
                                      • __vbaInStr.MSVBVM60(00000000,00412B58,?,00000000), ref: 004596C1
                                      • __vbaInStr.MSVBVM60(00000000,00412B64,?,00000000), ref: 004596CE
                                      • #631.MSVBVM60(?,00000000,?), ref: 004596EF
                                      • __vbaStrMove.MSVBVM60 ref: 004596FA
                                      • __vbaFreeVar.MSVBVM60 ref: 00459703
                                      • __vbaStrCopy.MSVBVM60 ref: 0045970F
                                      • __vbaFreeStr.MSVBVM60(0045976D), ref: 00459747
                                      • __vbaFreeStr.MSVBVM60 ref: 0045974C
                                      • __vbaFreeStr.MSVBVM60 ref: 00459751
                                      • __vbaFreeStr.MSVBVM60 ref: 00459756
                                      • __vbaFreeStr.MSVBVM60 ref: 0045975B
                                      • __vbaFreeStr.MSVBVM60 ref: 00459760
                                      • __vbaFreeStr.MSVBVM60 ref: 00459765
                                      • __vbaFreeStr.MSVBVM60 ref: 0045976A
                                      • __vbaErrorOverflow.MSVBVM60 ref: 0045978A
                                      • #616.MSVBVM60(?,00459EAF), ref: 004597EB
                                      • __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,Function_00002FE6), ref: 004597F6
                                      • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,Function_00002FE6), ref: 004597FF
                                      • __vbaInStr.MSVBVM60(00000000,{\fonttbl,?,00000001), ref: 00459817
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,Function_00002FE6), ref: 00459827
                                      • __vbaFreeStr.MSVBVM60(004598A9), ref: 004598A2
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$Move$#616#631Copy$ErrorOverflow
                                      • String ID: ;}}${\colortbl${\fonttbl
                                      • API String ID: 184888412-2419831195
                                      • Opcode ID: 58cde2b3f2a298696b38c81288078e86c735e2992dbb377c29cd46740726940a
                                      • Instruction ID: cb0f8fbbef96d79a7b66eb0f56d998e5f08101f699db91e55b67bca1abeb8f3b
                                      • Opcode Fuzzy Hash: 58cde2b3f2a298696b38c81288078e86c735e2992dbb377c29cd46740726940a
                                      • Instruction Fuzzy Hash: 7B51C5B1D10218ABDB04DFA4DD849EEBBB8EF58701F10411AF902B7264DBB46A46CF94
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0040736B, Relevance: 46.7, APIs: 31, Instructions: 243COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaNew2.MSVBVM60(00411FE4,00482EE8), ref: 004505FB
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00411FD4,00000018), ref: 00450626
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00411FF4,00000080), ref: 00450654
                                      • __vbaFpI4.MSVBVM60 ref: 00450662
                                      • __vbaFpI4.MSVBVM60 ref: 00450669
                                      • __vbaFreeObj.MSVBVM60 ref: 00450678
                                      • __vbaNew2.MSVBVM60(00411FE4,00482EE8), ref: 00450691
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00411FD4,00000018), ref: 004506B6
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00411FF4,00000088), ref: 004506DC
                                      • __vbaFpI4.MSVBVM60 ref: 004506E4
                                      • __vbaFpI4.MSVBVM60 ref: 004506EB
                                      • __vbaFreeObj.MSVBVM60 ref: 004506FA
                                      • __vbaFreeStr.MSVBVM60(0045098F), ref: 00450987
                                      • __vbaFreeStr.MSVBVM60 ref: 0045098C
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$CheckFreeHresult$New2
                                      • String ID:
                                      • API String ID: 4034668929-0
                                      • Opcode ID: 3ab9486bf92aa686c281cc67e1c1cbf70d67007a487d9f7c927bb47a74ebde35
                                      • Instruction ID: c43b9d23ed9f632562095de25b8d1c433a1aacd155b5b50d41ac31c4060e96bc
                                      • Opcode Fuzzy Hash: 3ab9486bf92aa686c281cc67e1c1cbf70d67007a487d9f7c927bb47a74ebde35
                                      • Instruction Fuzzy Hash: 96918175900218ABCB10DFA5CD88AEEBBB8FF48700F10452AE905B72A1DB749845CF98
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 004078E9, Relevance: 45.7, APIs: 22, Strings: 4, Instructions: 207COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaNew2.MSVBVM60(00411FE4,00482EE8), ref: 00453384
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00411FD4,00000014), ref: 004533A9
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00412A60,00000050), ref: 004533CD
                                      • __vbaStrCat.MSVBVM60(00412B64,?), ref: 004533E5
                                      • __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,Function_00002FE6), ref: 004533EC
                                      • __vbaStrCat.MSVBVM60(Materials.dat,00000000), ref: 004533F8
                                      • __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,Function_00002FE6), ref: 004533FF
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,Function_00002FE6), ref: 00453409
                                      • __vbaFreeStrList.MSVBVM60(00000003,?,?,?), ref: 0045341D
                                      • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,Function_00002FE6), ref: 00453429
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00401C70,00411700,000000C8), ref: 0045346B
                                      • __vbaNew2.MSVBVM60(00411FE4,00482EE8), ref: 00453484
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00411FD4,00000014), ref: 004534A9
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00412A60,00000050), ref: 004534CD
                                      • __vbaStrCat.MSVBVM60(00412B64,?), ref: 004534DF
                                      • __vbaStrMove.MSVBVM60 ref: 004534E6
                                      • __vbaStrCat.MSVBVM60(Styles.dat,00000000), ref: 004534F2
                                      • __vbaStrMove.MSVBVM60 ref: 004534F9
                                      • __vbaStrCopy.MSVBVM60 ref: 00453503
                                      • __vbaFreeStrList.MSVBVM60(00000003,?,?,?), ref: 00453517
                                      • __vbaFreeObj.MSVBVM60 ref: 00453523
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00401C70,00411700,000001F8), ref: 00453565
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$CheckHresult$FreeMove$CopyListNew2
                                      • String ID: 7AE$Materials.dat$Styles.dat$s
                                      • API String ID: 282416139-1744938610
                                      • Opcode ID: aa869dd4c9f6cd748728001616ac7c2360545434cd1eb14293882231ca7af5b4
                                      • Instruction ID: a02e56d18afecafab4df2051d21aed061e12428bed46ce1eaceaaad582ad1bec
                                      • Opcode Fuzzy Hash: aa869dd4c9f6cd748728001616ac7c2360545434cd1eb14293882231ca7af5b4
                                      • Instruction Fuzzy Hash: 3B713F75A00205AFDB00DF95CD89EEEBBB8FB48746F104529F906F31A0DB74A945CB68
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0044CEE0, Relevance: 45.7, APIs: 22, Strings: 4, Instructions: 173COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaVarDup.MSVBVM60 ref: 0044CF68
                                      • __vbaStrCat.MSVBVM60(004106F8,WARNING!), ref: 0044CF7E
                                      • __vbaStrMove.MSVBVM60 ref: 0044CF8B
                                      • __vbaStrCat.MSVBVM60(This will re-load the current saved document.,00000000), ref: 0044CF93
                                      • __vbaStrMove.MSVBVM60 ref: 0044CF9A
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 0044CFA2
                                      • __vbaStrMove.MSVBVM60 ref: 0044CFA9
                                      • __vbaStrCat.MSVBVM60(All edits since last save will be lost.,00000000), ref: 0044CFB1
                                      • __vbaStrMove.MSVBVM60 ref: 0044CFB8
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 0044CFC0
                                      • __vbaStrMove.MSVBVM60 ref: 0044CFC7
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 0044CFCF
                                      • __vbaStrMove.MSVBVM60 ref: 0044CFD6
                                      • __vbaStrCat.MSVBVM60(Continue?,00000000), ref: 0044CFDE
                                      • #595.MSVBVM60(00000008,00000011,?,?,?), ref: 0044CFFC
                                      • __vbaFreeStrList.MSVBVM60(00000006,?,?,?,?,?,?), ref: 0044D026
                                      • __vbaFreeVarList.MSVBVM60(00000004,00000008,?,?,?), ref: 0044D03E
                                      • __vbaLateIdCallLd.MSVBVM60(00000008,0044D7BA,00000008,00000000), ref: 0044D05A
                                      • __vbaI4Var.MSVBVM60(00000000), ref: 0044D064
                                      • __vbaFreeVar.MSVBVM60 ref: 0044D070
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00401800,00410EB8,00000064), ref: 0044D08D
                                      • __vbaLateIdSt.MSVBVM60(0044D7BA,00000008), ref: 0044D0BD
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Move$Free$LateList$#595CallCheckHresult
                                      • String ID: All edits since last save will be lost.$Continue?$This will re-load the current saved document.$WARNING!
                                      • API String ID: 1931752963-2272067897
                                      • Opcode ID: 64279cb7cc36a834428bab5fa6834b04100a135636e63295835f0f6e8bf68dda
                                      • Instruction ID: 42156004bf15902a8e77e929b6fceb341152b43468df520bfe468ed8cbc1d9e6
                                      • Opcode Fuzzy Hash: 64279cb7cc36a834428bab5fa6834b04100a135636e63295835f0f6e8bf68dda
                                      • Instruction Fuzzy Hash: 566109B1D00218AFDB14DFA8CD85AEEFBB9FF58704F10821AE506A7250DBB45945CFA4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00407A2E, Relevance: 43.9, APIs: 22, Strings: 3, Instructions: 192COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaStrCat.MSVBVM60(?,If you proceed you will lose ALL ,?,00000000,660E6C30), ref: 00457373
                                      • __vbaStrMove.MSVBVM60(?,If you proceed you will lose ALL ,?,00000000,660E6C30), ref: 00457380
                                      • __vbaStrCat.MSVBVM60( you have created.,00000000,?,If you proceed you will lose ALL ,?,00000000,660E6C30), ref: 00457388
                                      • __vbaStrMove.MSVBVM60(?,If you proceed you will lose ALL ,?,00000000,660E6C30), ref: 0045738F
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000,?,If you proceed you will lose ALL ,?,00000000,660E6C30), ref: 00457397
                                      • __vbaStrMove.MSVBVM60(?,If you proceed you will lose ALL ,?,00000000,660E6C30), ref: 0045739E
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000,?,If you proceed you will lose ALL ,?,00000000,660E6C30), ref: 004573A6
                                      • __vbaStrMove.MSVBVM60(?,If you proceed you will lose ALL ,?,00000000,660E6C30), ref: 004573AD
                                      • __vbaStrCat.MSVBVM60(Are you sure?,00000000,?,If you proceed you will lose ALL ,?,00000000,660E6C30), ref: 004573B5
                                      • #595.MSVBVM60(?,00000004,?,?,?,?,If you proceed you will lose ALL ,?,00000000,660E6C30), ref: 004573D3
                                      • __vbaFreeStrList.MSVBVM60(00000004,?,?,?,?,?,If you proceed you will lose ALL ,?,00000000,660E6C30), ref: 004573F7
                                      • __vbaFreeVarList.MSVBVM60(00000004,00000008,?,?,?,?,If you proceed you will lose ALL ,?,00000000,660E6C30), ref: 0045740F
                                      • __vbaVarDup.MSVBVM60(?,00000000,660E6C30), ref: 00457446
                                      • #711.MSVBVM60(?,00000000,?,000000FF,00000000), ref: 0045745D
                                      • __vbaVarMove.MSVBVM60 ref: 0045746F
                                      • __vbaFreeVar.MSVBVM60 ref: 00457474
                                      • __vbaVarMove.MSVBVM60 ref: 00457494
                                      • __vbaForEachVar.MSVBVM60(?,?,?,?,?,?), ref: 004574C7
                                      • __vbaStrErrVarCopy.MSVBVM60(?), ref: 004574D5
                                      • __vbaStrMove.MSVBVM60 ref: 004574E0
                                      • __vbaFreeStr.MSVBVM60 ref: 004574F3
                                      • __vbaNextEachVar.MSVBVM60(?,?,?,?,?), ref: 00457519
                                      • __vbaAryUnlock.MSVBVM60(?,00457586), ref: 00457563
                                      • __vbaFreeObj.MSVBVM60 ref: 0045756F
                                      • __vbaFreeVar.MSVBVM60 ref: 0045757E
                                      • __vbaFreeVar.MSVBVM60 ref: 00457583
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$FreeMove$EachList$#595#711CopyNextUnlock
                                      • String ID: you have created.$Are you sure?$If you proceed you will lose ALL
                                      • API String ID: 3760891215-2946247451
                                      • Opcode ID: 64cfe3628fbd75259c0ed88aa96a0488f98065bd66a5a1cd6a2ff15d44c5f0a7
                                      • Instruction ID: c7113e257565e7ab72b99dfde030d533967d9d77ab56ed0144b21c626911bdbb
                                      • Opcode Fuzzy Hash: 64cfe3628fbd75259c0ed88aa96a0488f98065bd66a5a1cd6a2ff15d44c5f0a7
                                      • Instruction Fuzzy Hash: D571D7B1900229AFDB14DF94DD84EEEBBB9FF48304F10426EE50AA7150EB745A49CF64
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 004092F0, Relevance: 42.3, APIs: 22, Strings: 2, Instructions: 286COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaNew2.MSVBVM60(00406DD0,00482024,?,00000000), ref: 00444684
                                      • __vbaNew2.MSVBVM60(00406DD0,00482024,?,00000000), ref: 004446A0
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00410EB8,000000BC,?,00000000), ref: 004446CB
                                      • __vbaVarNot.MSVBVM60(?,?,?,00000000), ref: 004446DB
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00410EB8,000000C0), ref: 00444715
                                      • __vbaFreeVar.MSVBVM60 ref: 0044471E
                                      • __vbaNew2.MSVBVM60(00406DD0,00482024,?,00000000), ref: 0044473D
                                      • __vbaNew2.MSVBVM60(00406DD0,00482024,?,00000000), ref: 00444759
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00410EB8,000000B8,?,00000000), ref: 00444784
                                      • __vbaVarNot.MSVBVM60(?,?,?,00000000), ref: 00444794
                                      • __vbaNew2.MSVBVM60(00406DD0,00482024,?,00000000), ref: 004447E2
                                      • __vbaStrCopy.MSVBVM60(?,00000000), ref: 00444803
                                      • __vbaStrCopy.MSVBVM60(?,00000000), ref: 0044480D
                                      • __vbaStrCopy.MSVBVM60(?,00000000), ref: 00444817
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00410EB8,00000020,?,00000000), ref: 0044483E
                                      • __vbaFreeStrList.MSVBVM60(00000003,?,?,?,?,00000000), ref: 00444852
                                      • __vbaNew2.MSVBVM60(00406DD0,00482024,?,00000000), ref: 00444872
                                      • __vbaNew2.MSVBVM60(00406DD0,00482024,?,00000000), ref: 004448B4
                                      • __vbaNew2.MSVBVM60(00406DD0,00482024,?,00000000), ref: 004448D0
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00410EB8,000000CC,?,00000000), ref: 004448FB
                                      • __vbaNew2.MSVBVM60(00406AD0,004820C0,?,00000000), ref: 00444939
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00410EB8,000000A8,?,00000000), ref: 0044499D
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$New2$CheckHresult$Copy$Free$List
                                      • String ID: <\b>$<b>
                                      • API String ID: 675994403-2626912829
                                      • Opcode ID: 6ba22e73dd145bea63d5e5d6512b1991fbc65e0557131a7f0c8dc70f35c41987
                                      • Instruction ID: dbd7b7be0f0543454087c94041c04a7f4e3681467d8cc464d12fe27a3f722d4d
                                      • Opcode Fuzzy Hash: 6ba22e73dd145bea63d5e5d6512b1991fbc65e0557131a7f0c8dc70f35c41987
                                      • Instruction Fuzzy Hash: F7B18071900204EFDB11DF64CA88E9EBBB5FF89705F20856FE505B72A0C7B89846CB59
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0044E7C0, Relevance: 42.2, APIs: 23, Strings: 1, Instructions: 200COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaStrI2.MSVBVM60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0044E814
                                      • __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0044E81F
                                      • __vbaStrCat.MSVBVM60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0044E822
                                      • __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0044E82D
                                      • __vbaFreeStrList.MSVBVM60(00000002,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0044E84D
                                      • __vbaErrorOverflow.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0044E8AD
                                      • __vbaObjSetAddref.MSVBVM60(?,0044EACD), ref: 0044E911
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,0000000A,00000000), ref: 0044E93C
                                      • __vbaStrVarMove.MSVBVM60(00000000), ref: 0044E942
                                      • __vbaStrMove.MSVBVM60 ref: 0044E94D
                                      • __vbaFreeVar.MSVBVM60 ref: 0044E956
                                      • __vbaStrCopy.MSVBVM60 ref: 0044E964
                                      • __vbaFreeStr.MSVBVM60 ref: 0044E97E
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,0000000A,00000000,?), ref: 0044E993
                                      • __vbaStrVarMove.MSVBVM60(00000000), ref: 0044E999
                                      • __vbaStrMove.MSVBVM60 ref: 0044E9A4
                                      • __vbaStrCmp.MSVBVM60(00000000), ref: 0044E9AB
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Move$Free$CallLate$AddrefCopyErrorListOverflow
                                      • String ID: /@
                                      • API String ID: 229196456-2163338593
                                      • Opcode ID: f19208381b33f78b2f3d073d11308b7c45fbc86c9bf8465ca75a7be77d618b07
                                      • Instruction ID: 794676fc8fcf18107d9717ac55b792928ba637cd33ca178aee14c171e90dde81
                                      • Opcode Fuzzy Hash: f19208381b33f78b2f3d073d11308b7c45fbc86c9bf8465ca75a7be77d618b07
                                      • Instruction Fuzzy Hash: CE71FD75D0020ADFDB04DFA5DD899EEBBB8FF48700F148169E516B32A0EB345946CBA4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00479690, Relevance: 42.2, APIs: 23, Strings: 1, Instructions: 187COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 0047971A
                                      • __vbaLateIdSt.MSVBVM60(00000000), ref: 0047971D
                                      • __vbaFreeObj.MSVBVM60 ref: 00479726
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 00479740
                                      • __vbaLateIdCallLd.MSVBVM60(?,00000000), ref: 00479747
                                      • __vbaStrVarMove.MSVBVM60(00000000), ref: 00479751
                                      • __vbaStrMove.MSVBVM60 ref: 0047975C
                                      • __vbaLenBstr.MSVBVM60(00000000), ref: 00479763
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 00479794
                                      • __vbaLateIdSt.MSVBVM60(00000000), ref: 00479797
                                      • __vbaFreeStr.MSVBVM60 ref: 004797A0
                                      • __vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 004797B0
                                      • __vbaFreeVar.MSVBVM60 ref: 004797BC
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 004797D0
                                      • __vbaNew2.MSVBVM60(00407470,00402E0C), ref: 004797E2
                                      • __vbaNew2.MSVBVM60(004081F4,00482010), ref: 004797FD
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 00479816
                                      • __vbaObjSet.MSVBVM60(?,?), ref: 00479827
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00411700,00000020), ref: 00479846
                                      • __vbaFreeObjList.MSVBVM60(00000003,?,?,00000000), ref: 0047985A
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 00479871
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00419234,0000005C), ref: 0047988C
                                      • __vbaFreeObj.MSVBVM60 ref: 00479895
                                      Strings
                                      • Welcome! This demo program is based on manipulating RTF code!, xrefs: 004796DA
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$Late$CheckHresultListMoveNew2$BstrCall
                                      • String ID: Welcome! This demo program is based on manipulating RTF code!
                                      • API String ID: 1688371818-2458385971
                                      • Opcode ID: 58936d7d4154e224f7df80ab793f42dc4f8fc495033b435839bd03423e01b4fd
                                      • Instruction ID: becb21ac1f5806a593428415015f9752310405d8f112e99ffff47bcc31d0aa1c
                                      • Opcode Fuzzy Hash: 58936d7d4154e224f7df80ab793f42dc4f8fc495033b435839bd03423e01b4fd
                                      • Instruction Fuzzy Hash: 88610CB4900209AFDB00EFA4CD88EAEBBB8FF48704F108569F545E7291D6789945CBA4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 004640F0, Relevance: 42.2, APIs: 20, Strings: 4, Instructions: 162COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaVarDup.MSVBVM60 ref: 00464153
                                      • #711.MSVBVM60(?,00000000,?,000000FF,00000000), ref: 0046416A
                                      • __vbaVarMove.MSVBVM60 ref: 00464176
                                      • __vbaFreeVar.MSVBVM60 ref: 00464185
                                      • __vbaVarIndexLoad.MSVBVM60(?,?,00000001), ref: 004641B4
                                      • __vbaStrVarMove.MSVBVM60(00000000), ref: 004641BE
                                      • __vbaStrMove.MSVBVM60 ref: 004641C9
                                      • __vbaFreeVar.MSVBVM60 ref: 004641D2
                                      • __vbaLenBstr.MSVBVM60(?), ref: 004641D8
                                      • __vbaStrCopy.MSVBVM60 ref: 004641EA
                                      • __vbaStrCmp.MSVBVM60(@@@@@@@@,?), ref: 004641F9
                                      • __vbaVarIndexStore.MSVBVM60(?,00000001), ref: 0046425B
                                      • __vbaVarDup.MSVBVM60 ref: 00464278
                                      • #710.MSVBVM60(?,?), ref: 00464286
                                      • __vbaStrMove.MSVBVM60 ref: 00464291
                                      • __vbaFreeStr.MSVBVM60 ref: 004642A7
                                      • __vbaFreeVar.MSVBVM60 ref: 004642B0
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,&@,00411700,000001E0), ref: 004642D3
                                      • __vbaFreeVar.MSVBVM60(00464310), ref: 00464300
                                      • __vbaFreeStr.MSVBVM60 ref: 00464309
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$Move$Index$#710#711BstrCheckCopyHresultLoadStore
                                      • String ID: @@@@@@@@$Style $&@$/@
                                      • API String ID: 87621654-1066513300
                                      • Opcode ID: 3912a996b4c5f0fb1849b1459ac8ff362d4e64caf0d743ee026529dc993806a8
                                      • Instruction ID: bae3de9bfeba7c53e4698ea228cae160e125fb258e40b6b1913582cbe1699f91
                                      • Opcode Fuzzy Hash: 3912a996b4c5f0fb1849b1459ac8ff362d4e64caf0d743ee026529dc993806a8
                                      • Instruction Fuzzy Hash: BA611A71D00209DFCB04DFA9D988ADDFBB8FF48304F10856AE416AB265EB74A945CF54
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00476AB0, Relevance: 42.1, APIs: 18, Strings: 6, Instructions: 138COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaVarDup.MSVBVM60 ref: 00476B36
                                      • __vbaStrCat.MSVBVM60(004106F8,Changing a manifest file has no effect until you restart the program.), ref: 00476B4C
                                      • __vbaStrMove.MSVBVM60 ref: 00476B59
                                      • __vbaStrCat.MSVBVM60( Do you wish to restart now?,00000000), ref: 00476B61
                                      • __vbaStrMove.MSVBVM60 ref: 00476B68
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 00476B70
                                      • __vbaStrMove.MSVBVM60 ref: 00476B77
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 00476B7F
                                      • __vbaStrMove.MSVBVM60 ref: 00476B86
                                      • __vbaStrCat.MSVBVM60((For demo purposes select Cancel and a new instance appears without closing the current one,,00000000), ref: 00476B8E
                                      • __vbaStrMove.MSVBVM60 ref: 00476B95
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 00476B9D
                                      • __vbaStrMove.MSVBVM60 ref: 00476BA4
                                      • __vbaStrCat.MSVBVM60(but only the last two instances are sure to do what they say.),00000000), ref: 00476BAC
                                      • #595.MSVBVM60(?,00000033,?,?,?), ref: 00476BC6
                                      • __vbaFreeStrList.MSVBVM60(00000006,?,?,?,?,?,?), ref: 00476BE8
                                      • __vbaFreeVarList.MSVBVM60(00000004,?,?,?,?), ref: 00476C00
                                      • __vbaEnd.MSVBVM60 ref: 00476C1E
                                      Strings
                                      • (For demo purposes select Cancel and a new instance appears without closing the current one,, xrefs: 00476B89
                                      • but only the last two instances are sure to do what they say.), xrefs: 00476BA7
                                      • /@, xrefs: 00476ADC
                                      • ClsManifestation DEMO MODE, xrefs: 00476B2C
                                      • Changing a manifest file has no effect until you restart the program., xrefs: 00476B42
                                      • Do you wish to restart now?, xrefs: 00476B5C
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Move$FreeList$#595
                                      • String ID: Do you wish to restart now?$(For demo purposes select Cancel and a new instance appears without closing the current one,$Changing a manifest file has no effect until you restart the program.$ClsManifestation DEMO MODE$but only the last two instances are sure to do what they say.)$/@
                                      • API String ID: 2694707432-2338605114
                                      • Opcode ID: c03b1c6b01473d0c3a794e04ed33362d9b83f4993e0d933a65d9f8e51cd3c6bb
                                      • Instruction ID: b7d61824cf73c6d7304ffad2461d7a9514c63ed5f7d2bd3f8d5970f9703d3854
                                      • Opcode Fuzzy Hash: c03b1c6b01473d0c3a794e04ed33362d9b83f4993e0d933a65d9f8e51cd3c6bb
                                      • Instruction Fuzzy Hash: C451DCB1D00249AFDB11DFA4CD85EEEBFB9EB88700F10412BE505E7250EA745985CFA5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00464560, Relevance: 40.4, APIs: 21, Strings: 2, Instructions: 199COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaStrCmp.MSVBVM60(00412C18), ref: 004645C3
                                      • __vbaHresultCheckObj.MSVBVM60(00000000, '@,00411700,000001E4), ref: 004645EF
                                      • __vbaVarDup.MSVBVM60 ref: 00464612
                                      • #711.MSVBVM60(?,?,?,000000FF,00000000), ref: 00464627
                                      • __vbaVarMove.MSVBVM60 ref: 00464633
                                      • __vbaFreeStr.MSVBVM60 ref: 0046463C
                                      • __vbaFreeVar.MSVBVM60 ref: 00464645
                                      • __vbaVarIndexLoad.MSVBVM60(?,?,00000001), ref: 004646A4
                                      • __vbaStrErrVarCopy.MSVBVM60(?), ref: 004646AD
                                      • __vbaStrMove.MSVBVM60 ref: 004646B8
                                      • __vbaHresultCheckObj.MSVBVM60(00000000, '@,00411700,000001EC), ref: 004646DC
                                      • __vbaFreeStr.MSVBVM60 ref: 004646E5
                                      • __vbaFreeVar.MSVBVM60 ref: 004646EE
                                      • __vbaFreeStr.MSVBVM60(0046474C), ref: 00464734
                                      • __vbaFreeVar.MSVBVM60 ref: 0046473F
                                      • __vbaFreeVar.MSVBVM60 ref: 00464744
                                      • __vbaFreeStr.MSVBVM60 ref: 00464749
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$CheckHresultMove$#711CopyIndexLoad
                                      • String ID: '@$/@
                                      • API String ID: 29264995-162452839
                                      • Opcode ID: 0045a707029960bca5196ca8f02e60db350b473f13a9e6536b1bd5cf158f7a8b
                                      • Instruction ID: a5dabed88c034d0f31e75d4cd2eac57df74d5757d315663a5d29732cffe8241d
                                      • Opcode Fuzzy Hash: 0045a707029960bca5196ca8f02e60db350b473f13a9e6536b1bd5cf158f7a8b
                                      • Instruction Fuzzy Hash: DD713C74900219DFCB14DFA4DD89AEEFBB8FF54300F10816AE506A7260EB786A45CF94
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 004535C0, Relevance: 40.4, APIs: 19, Strings: 4, Instructions: 120COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaStrI2.MSVBVM60(?,\red), ref: 00453641
                                      • __vbaStrMove.MSVBVM60 ref: 0045364E
                                      • __vbaStrCat.MSVBVM60(00000000), ref: 00453657
                                      • __vbaStrMove.MSVBVM60 ref: 0045365E
                                      • __vbaStrCat.MSVBVM60(\green,00000000), ref: 00453666
                                      • __vbaStrMove.MSVBVM60 ref: 0045366D
                                      • __vbaStrI2.MSVBVM60(?,00000000), ref: 00453674
                                      • __vbaStrMove.MSVBVM60 ref: 0045367B
                                      • __vbaStrCat.MSVBVM60(00000000), ref: 0045367E
                                      • __vbaStrMove.MSVBVM60 ref: 00453685
                                      • __vbaStrCat.MSVBVM60(\blue,00000000), ref: 0045368D
                                      • __vbaStrMove.MSVBVM60 ref: 00453694
                                      • __vbaStrI2.MSVBVM60(?,00000000), ref: 0045369B
                                      • __vbaStrMove.MSVBVM60 ref: 004536A2
                                      • __vbaStrCat.MSVBVM60(00000000), ref: 004536A5
                                      • __vbaStrMove.MSVBVM60 ref: 004536AC
                                      • __vbaStrCat.MSVBVM60(00413AFC,00000000), ref: 004536B4
                                      • __vbaStrMove.MSVBVM60 ref: 004536BB
                                      • __vbaFreeStrList.MSVBVM60(00000008,?,?,?,?,?,?,?,?), ref: 004536DF
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Move$FreeList
                                      • String ID: \blue$\green$\red$/@
                                      • API String ID: 4052998853-2960580807
                                      • Opcode ID: 0da028c32ea2b1450d9cc4665019dd13ad9ce7a625b8b355fd471ba361b95130
                                      • Instruction ID: 68e374bb26ecc215fb19646b2ba9d3a3f223bf0fcbb24b0a19931cef66208105
                                      • Opcode Fuzzy Hash: 0da028c32ea2b1450d9cc4665019dd13ad9ce7a625b8b355fd471ba361b95130
                                      • Instruction Fuzzy Hash: 1041BDB1D00108AFCB45DFA9DD85DEFBBF9EF58600F10812AE505E3250EA746A45CFA4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00447130, Relevance: 39.3, APIs: 26, Instructions: 344COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaNew2.MSVBVM60(00407470,00482028), ref: 004471AB
                                      • __vbaNew2.MSVBVM60(00407470,00482028), ref: 004471C7
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00411700,000001A4), ref: 004471F2
                                      • __vbaVarNot.MSVBVM60(?,?), ref: 00447202
                                      • __vbaNew2.MSVBVM60(00407470,00482028), ref: 00447252
                                      • __vbaNew2.MSVBVM60(00407470,00482028), ref: 0044726E
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00411700,00000148), ref: 00447299
                                      • __vbaVarNot.MSVBVM60(?,?), ref: 004472A9
                                      • __vbaNew2.MSVBVM60(00407470,00482028), ref: 004472F9
                                      • __vbaNew2.MSVBVM60(00407470,00482028), ref: 00447315
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00411700,0000012C), ref: 00447340
                                      • __vbaVarNot.MSVBVM60(?,?), ref: 00447350
                                      • __vbaNew2.MSVBVM60(00407470,00482028), ref: 004473A0
                                      • __vbaNew2.MSVBVM60(00407470,00482028), ref: 004473BC
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00411700,00000130), ref: 004473E7
                                      • __vbaVarNot.MSVBVM60(?,?), ref: 004473F7
                                      • __vbaNew2.MSVBVM60(00407470,00482028), ref: 00447447
                                      • __vbaNew2.MSVBVM60(00407470,00482028), ref: 00447463
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00411700,0000013C), ref: 0044748E
                                      • __vbaVarNot.MSVBVM60(?,?), ref: 0044749E
                                      • __vbaNew2.MSVBVM60(00407470,00482028), ref: 004474EE
                                      • __vbaNew2.MSVBVM60(00407470,00482028), ref: 0044750A
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00411700,00000188), ref: 00447535
                                      • __vbaVarNot.MSVBVM60(?,?), ref: 00447545
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00411700,000001A0), ref: 00447626
                                      • __vbaFreeVar.MSVBVM60 ref: 0044762F
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$New2$CheckHresult$Free
                                      • String ID:
                                      • API String ID: 1503043884-0
                                      • Opcode ID: 0207d0bf83253ce64cb0efe3a6668e707fc70a247072cfd25611ce671fd6371f
                                      • Instruction ID: 6d72de2b123726a03e2c8585a654775105eb25823863d26ada7c78204a4f54a0
                                      • Opcode Fuzzy Hash: 0207d0bf83253ce64cb0efe3a6668e707fc70a247072cfd25611ce671fd6371f
                                      • Instruction Fuzzy Hash: 78D1D474900200EFDB019F54C988D99FBB5FF09721B25856EF949B73A0C774AC4ACBA8
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 004064C5, Relevance: 37.0, APIs: 20, Strings: 1, Instructions: 234COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaI2Abs.MSVBVM60 ref: 00467B6C
                                      • __vbaI2Abs.MSVBVM60 ref: 00467B87
                                      • __vbaI2Abs.MSVBVM60 ref: 00467BAA
                                      • _adj_fdiv_m64.MSVBVM60 ref: 00467C08
                                      • __vbaFpI4.MSVBVM60 ref: 00467C17
                                      • __vbaI2Abs.MSVBVM60 ref: 00467C75
                                      • __vbaI2Abs.MSVBVM60(00000000), ref: 00467C84
                                      • __vbaI2Abs.MSVBVM60(00000000), ref: 00467C93
                                      • #588.MSVBVM60(00000000), ref: 00467C9C
                                      • __vbaI2Abs.MSVBVM60 ref: 00467CAF
                                      • __vbaI2Abs.MSVBVM60(00000000), ref: 00467CBE
                                      • __vbaI2Abs.MSVBVM60(00000000), ref: 00467CCD
                                      • #588.MSVBVM60(00000000), ref: 00467CD0
                                      • __vbaErrorOverflow.MSVBVM60 ref: 00467CFB
                                      • __vbaOnError.MSVBVM60(00000001), ref: 00467D64
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,FFFFFDFD,00000000), ref: 00467D88
                                      • __vbaI4Var.MSVBVM60(?,0000043A,00000001,00000054), ref: 00467DA3
                                      • __vbaSetSystemError.MSVBVM60(00000000), ref: 00467DB1
                                      • __vbaFreeVar.MSVBVM60 ref: 00467DBD
                                      • __vbaExitProc.MSVBVM60 ref: 00467E3A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Error$#588$CallExitFreeLateOverflowProcSystem_adj_fdiv_m64
                                      • String ID: T
                                      • API String ID: 2505600406-3187964512
                                      • Opcode ID: 352dfdd548a8d4781a016dab96fb10dba78bf22fa86e4cdca3cbc890ba8c6748
                                      • Instruction ID: 60dafb80566bdf0720516baa4852ae77f27208213d870a06684edca9e095c7a8
                                      • Opcode Fuzzy Hash: 352dfdd548a8d4781a016dab96fb10dba78bf22fa86e4cdca3cbc890ba8c6748
                                      • Instruction Fuzzy Hash: F871B671508306DBC710EF74C984AAFB7B4FF84758F10892EF586A2250E7789985CB9B
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00407A07, Relevance: 37.0, APIs: 20, Strings: 1, Instructions: 206COMMON
                                      Download Yara Rule
                                      APIs
                                      • #717.MSVBVM60(?,?,00000003,00000000,?,00000000,00000000), ref: 004569A7
                                      • __vbaVarCat.MSVBVM60(?,?,?,00000004,?,?,?,?,00000000,00000000), ref: 00456A20
                                      • __vbaVarCat.MSVBVM60(?,?,00000000,?,00000000,00000000), ref: 00456A2E
                                      • #595.MSVBVM60(00000000,?,00000000,00000000), ref: 00456A31
                                      • __vbaFreeVarList.MSVBVM60(00000006,?,?,?,?,?,?,?,00000000,00000000), ref: 00456A63
                                      • __vbaVarMove.MSVBVM60 ref: 00456A8F
                                      • __vbaForEachVar.MSVBVM60(?,?,?,?,?,?), ref: 00456AC3
                                      • __vbaInStrVar.MSVBVM60(?,00000000,00004008,?,00000001), ref: 00456B18
                                      • __vbaVarSub.MSVBVM60(?,00000002,00000000), ref: 00456B2A
                                      • __vbaI4Var.MSVBVM60(00000000), ref: 00456B31
                                      • __vbaStrVarVal.MSVBVM60(?,?,00000000), ref: 00456B40
                                      • #616.MSVBVM60(00000000), ref: 00456B47
                                      • __vbaStrMove.MSVBVM60(?,?), ref: 00456B52
                                      • __vbaFreeStr.MSVBVM60(?,?), ref: 00456B57
                                      • __vbaFreeVar.MSVBVM60(?,?), ref: 00456B5C
                                      • __vbaStrCmp.MSVBVM60(?,?), ref: 00456B6C
                                      • __vbaStrErrVarCopy.MSVBVM60(?,?,?), ref: 00456B7A
                                      • __vbaStrMove.MSVBVM60(?,?), ref: 00456B85
                                      • __vbaFreeStr.MSVBVM60(?,?), ref: 00456B9E
                                      • __vbaNextEachVar.MSVBVM60(?,?,?,?,?,?,?), ref: 00456BC0
                                      • __vbaAryUnlock.MSVBVM60(?,00456C38), ref: 00456C0C
                                      • __vbaFreeObj.MSVBVM60 ref: 00456C18
                                      • __vbaFreeVar.MSVBVM60 ref: 00456C27
                                      • __vbaFreeVar.MSVBVM60 ref: 00456C2C
                                      • __vbaFreeStr.MSVBVM60 ref: 00456C31
                                      Strings
                                      • Are you sure you want to delete ', xrefs: 00456A0C
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$Move$Each$#595#616#717CopyListNextUnlock
                                      • String ID: Are you sure you want to delete '
                                      • API String ID: 3607592055-990089634
                                      • Opcode ID: f52e58dbd21c49f9b1dab4262173a6d5a5de53d279306f7b65e824b9d2e9cc15
                                      • Instruction ID: fbe0e41c2094b579c2cd41f645b8fdd52cea1eedfef63dec367bae5b38f4de9c
                                      • Opcode Fuzzy Hash: f52e58dbd21c49f9b1dab4262173a6d5a5de53d279306f7b65e824b9d2e9cc15
                                      • Instruction Fuzzy Hash: 4891E8B1800219AFDB54DF94CC84EDEBBB9FF48704F10819AF509A7250DB746A89CF64
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0044D130, Relevance: 36.9, APIs: 17, Strings: 4, Instructions: 138COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaLenBstr.MSVBVM60(00000000), ref: 0044D196
                                      • __vbaVarDup.MSVBVM60 ref: 0044D1CE
                                      • __vbaStrCat.MSVBVM60(004106F8,Your file: ), ref: 0044D1E4
                                      • __vbaStrMove.MSVBVM60 ref: 0044D1F1
                                      • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 0044D1F8
                                      • __vbaStrMove.MSVBVM60 ref: 0044D1FF
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 0044D207
                                      • __vbaStrMove.MSVBVM60 ref: 0044D20E
                                      • __vbaStrCat.MSVBVM60(has been edited.,00000000), ref: 0044D216
                                      • __vbaStrMove.MSVBVM60 ref: 0044D21D
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 0044D225
                                      • __vbaStrMove.MSVBVM60 ref: 0044D22C
                                      • __vbaStrCat.MSVBVM60(Save?,00000000), ref: 0044D234
                                      • #595.MSVBVM60(?,00000034,?,?,?), ref: 0044D252
                                      • __vbaFreeStrList.MSVBVM60(00000005,?,?,?,?,?), ref: 0044D27B
                                      • __vbaFreeVarList.MSVBVM60(00000004,00000008,?,?,?), ref: 0044D293
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00401810,00410EB8,0000008C), ref: 0044D2BA
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Move$FreeList$#595BstrCheckHresult
                                      • String ID: Save?$Unsaved Edits$Your file: $has been edited.
                                      • API String ID: 217747064-559786723
                                      • Opcode ID: e94c6dbb796f82d9f3dfc68acc18a8df1a63a821a3230f0815bb7260aa264a48
                                      • Instruction ID: aa15d52ff6930fceb994157a4b87b4159c613fa1d399d5519e8ffc5bf2ce36c0
                                      • Opcode Fuzzy Hash: e94c6dbb796f82d9f3dfc68acc18a8df1a63a821a3230f0815bb7260aa264a48
                                      • Instruction Fuzzy Hash: E151F9B1D10218AFDB04DFA4C985AEEBBB8FB48B00F10415BE501A7254DBB45985CFA4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00467F20, Relevance: 36.9, APIs: 17, Strings: 4, Instructions: 126COMMON
                                      Download Yara Rule
                                      APIs
                                      • #517.MSVBVM60(00000000), ref: 00467F6F
                                      • __vbaStrMove.MSVBVM60 ref: 00467F7D
                                      • __vbaStrCmp.MSVBVM60(beige,?), ref: 00467F95
                                      • #588.MSVBVM60(000000FA,000000C8,000000C8), ref: 00467FAA
                                      • __vbaStrCmp.MSVBVM60(fadedpink,?), ref: 00467FC4
                                      • __vbaStrCmp.MSVBVM60(fred,?), ref: 00467FD6
                                      • #588.MSVBVM60(00000017,000000C8,000000C8), ref: 00467FE8
                                      • __vbaFreeStr.MSVBVM60(004680DA), ref: 004680D3
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$#588$#517FreeMove
                                      • String ID: beige$fadedpink$fred$random
                                      • API String ID: 2026568487-3903625098
                                      • Opcode ID: ef03a6347042ed10c7829fdf86290006bfd77e619f99ba99af1a04ca0e345e65
                                      • Instruction ID: 8d659039366ef29758a62e59ac11b61718166729cd2aceaba89aecf6dd9801ae
                                      • Opcode Fuzzy Hash: ef03a6347042ed10c7829fdf86290006bfd77e619f99ba99af1a04ca0e345e65
                                      • Instruction Fuzzy Hash: 12414CB0D40219EFDB109F94CE89ADEBF78FF08740F10415AF945B2290DB7459858FAA
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0044A390, Relevance: 35.2, APIs: 19, Strings: 1, Instructions: 182COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaLateIdCallLd.MSVBVM60(?,00000000,00000005,00000000), ref: 0044A3EE
                                      • __vbaI4Var.MSVBVM60(00000000), ref: 0044A3F8
                                      • __vbaFreeVar.MSVBVM60 ref: 0044A419
                                      • __vbaStrCopy.MSVBVM60 ref: 0044A443
                                      • __vbaFreeStr.MSVBVM60 ref: 0044A480
                                      • __vbaFreeVar.MSVBVM60 ref: 0044A489
                                      • __vbaFreeStr.MSVBVM60(0044A4BD), ref: 0044A4B6
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$CallCopyLate
                                      • String ID: \red
                                      • API String ID: 2857255171-2780817819
                                      • Opcode ID: 4f8ddf2d78631bc84768033e67f1602f08cd9e1b247d6b9d12bbe53b902e3cdd
                                      • Instruction ID: aeb78715b9e5a430b39de2081fe26209371c24bc480b85b631899200244c90ea
                                      • Opcode Fuzzy Hash: 4f8ddf2d78631bc84768033e67f1602f08cd9e1b247d6b9d12bbe53b902e3cdd
                                      • Instruction Fuzzy Hash: 03614D71D00219AFDB00EFA4DA49AEEFBB8FF48700F10815AF506A76A0D7786944CF95
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 004779F0, Relevance: 35.2, APIs: 17, Strings: 3, Instructions: 172COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaLateMemCallLd.MSVBVM60(?,?,Parent,00000000,hwnd,00000000), ref: 00477A50
                                      • __vbaVarLateMemCallLd.MSVBVM60(?,00000000), ref: 00477A5E
                                      • __vbaNew2.MSVBVM60(00411FE4,00482EE8), ref: 00477A7A
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00411FD4,00000014), ref: 00477AA5
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00412A60,00000058), ref: 00477ACD
                                      • __vbaNew2.MSVBVM60(00411FE4,00482EE8), ref: 00477AE1
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00411FD4,00000014), ref: 00477B06
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00412A60,00000050), ref: 00477B26
                                      • __vbaStrToAnsi.MSVBVM60(?,?,00000001), ref: 00477B38
                                      • __vbaStrToAnsi.MSVBVM60(?,00412C18,00000000), ref: 00477B44
                                      • __vbaStrToAnsi.MSVBVM60(?,?,00000000), ref: 00477B4F
                                      • __vbaStrToAnsi.MSVBVM60(?,open,00000000), ref: 00477B5B
                                      • __vbaI4Var.MSVBVM60(?,00000000), ref: 00477B62
                                      • __vbaSetSystemError.MSVBVM60(00000000), ref: 00477B6E
                                      • __vbaFreeStrList.MSVBVM60(00000006,?,?,?,?,?,?), ref: 00477B8E
                                      • __vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 00477B9E
                                      • __vbaFreeVarList.MSVBVM60(00000002,?,?), ref: 00477BAE
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$AnsiCheckHresult$FreeList$CallLateNew2$ErrorSystem
                                      • String ID: Parent$hwnd$open
                                      • API String ID: 2800150721-3059952367
                                      • Opcode ID: 8c1e59bdf8c12416090a746ef335c2f7bffc1f6953bc4aeb05214ccc03439b18
                                      • Instruction ID: 2bc05f08cc7d771aa71e7c2a53f2fe056c9973b7a8bc4d221554b0aa7caf3e4e
                                      • Opcode Fuzzy Hash: 8c1e59bdf8c12416090a746ef335c2f7bffc1f6953bc4aeb05214ccc03439b18
                                      • Instruction Fuzzy Hash: F2511FB1940209AFDB00DF95CD85DEEBB78FB48704F50452EF205F71A0D6B4A949CBA8
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0046C6A0, Relevance: 35.2, APIs: 17, Strings: 3, Instructions: 158COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0046C6FF
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,0041123C,00000050,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0046C71C
                                      • __vbaStrMove.MSVBVM60 ref: 0046C72F
                                      • __vbaFreeObj.MSVBVM60 ref: 0046C738
                                      • __vbaStrCmp.MSVBVM60(Open,?), ref: 0046C74D
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 0046C761
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,004123E0,0000007C), ref: 0046C77F
                                      • __vbaFreeObj.MSVBVM60 ref: 0046C78E
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 0046C79E
                                      • __vbaStrCmp.MSVBVM60(Close,?), ref: 0046C7C2
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 0046C7D6
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,004123E0,0000007C), ref: 0046C7F4
                                      • __vbaFreeObj.MSVBVM60 ref: 0046C803
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 0046C813
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,0041123C,00000054), ref: 0046C831
                                      • __vbaFreeObj.MSVBVM60 ref: 0046C83A
                                      • __vbaFreeStr.MSVBVM60(0046C868), ref: 0046C861
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$CheckHresult$Move
                                      • String ID: Close$Open$x*@
                                      • API String ID: 1589273832-2736048334
                                      • Opcode ID: 90f63dd104d143374d5e791d44889822944d1a83c263765fa73aa5c9a2200c20
                                      • Instruction ID: 4948b2bf2323b0014320e5701036d8709a669c09bd87fe5ea09cd9fd2db67bed
                                      • Opcode Fuzzy Hash: 90f63dd104d143374d5e791d44889822944d1a83c263765fa73aa5c9a2200c20
                                      • Instruction Fuzzy Hash: 26516370A00205EBDB00AFA5CD88EFEB7BCFF58705F10812AE545E72A1D77899458F95
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00459D70, Relevance: 35.1, APIs: 19, Strings: 1, Instructions: 117COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaObjSetAddref.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00459DB2
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,0000000A,00000000,00000001), ref: 00459DC5
                                      • __vbaStrVarMove.MSVBVM60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00459DCF
                                      • __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00459DE0
                                      • __vbaStrCat.MSVBVM60(00412B64,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00459DEE
                                      • __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00459DF9
                                      • __vbaInStr.MSVBVM60(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00459DFD
                                      • __vbaFreeStrList.MSVBVM60(00000002,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00459E1A
                                      • __vbaFreeVar.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00459E26
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,0000000A,00000000,00000001), ref: 00459E3E
                                      • __vbaStrVarMove.MSVBVM60(00000000), ref: 00459E48
                                      • __vbaStrMove.MSVBVM60 ref: 00459E53
                                      • __vbaStrCat.MSVBVM60(0041071C,00000000,00000000), ref: 00459E61
                                      • __vbaStrMove.MSVBVM60 ref: 00459E6C
                                      • __vbaInStr.MSVBVM60(00000000,00000000), ref: 00459E70
                                      • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 00459E8B
                                      • __vbaFreeVar.MSVBVM60 ref: 00459E97
                                      • __vbaObjSetAddref.MSVBVM60(?,00000000), ref: 00459EA2
                                      • __vbaFreeObj.MSVBVM60(00459ED6), ref: 00459ECF
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Move$Free$AddrefCallLateList
                                      • String ID: /@
                                      • API String ID: 1635997044-2163338593
                                      • Opcode ID: 248f812f83daef5968616a3745662a56b830d6093c241dffc5b819143332915d
                                      • Instruction ID: be2497a7950a220e85f10a7741cce552097c48fe8e074a62928dc1e03e36ed7f
                                      • Opcode Fuzzy Hash: 248f812f83daef5968616a3745662a56b830d6093c241dffc5b819143332915d
                                      • Instruction Fuzzy Hash: 034100B5900209AFDB04DFA4DD89EEEBB78FB48701F108129F902F71A0DB745944CBA4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0044E630, Relevance: 35.1, APIs: 19, Strings: 1, Instructions: 117COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaObjSetAddref.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0044E672
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,0000000A,00000000,00000001), ref: 0044E685
                                      • __vbaStrVarMove.MSVBVM60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0044E68F
                                      • __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0044E6A0
                                      • __vbaStrCat.MSVBVM60(00412B64,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0044E6AE
                                      • __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0044E6B9
                                      • __vbaInStr.MSVBVM60(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0044E6BD
                                      • __vbaFreeStrList.MSVBVM60(00000002,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0044E6DA
                                      • __vbaFreeVar.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0044E6E6
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,0000000A,00000000,00000001), ref: 0044E6FE
                                      • __vbaStrVarMove.MSVBVM60(00000000), ref: 0044E708
                                      • __vbaStrMove.MSVBVM60 ref: 0044E713
                                      • __vbaStrCat.MSVBVM60(0041071C,00000000,00000000), ref: 0044E721
                                      • __vbaStrMove.MSVBVM60 ref: 0044E72C
                                      • __vbaInStr.MSVBVM60(00000000,00000000), ref: 0044E730
                                      • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 0044E74B
                                      • __vbaFreeVar.MSVBVM60 ref: 0044E757
                                      • __vbaObjSetAddref.MSVBVM60(?,00000000), ref: 0044E762
                                      • __vbaFreeObj.MSVBVM60(0044E796), ref: 0044E78F
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Move$Free$AddrefCallLateList
                                      • String ID: /@
                                      • API String ID: 1635997044-2163338593
                                      • Opcode ID: 3b1a02686b8ced524d86410c50a5b937fb0ace64cf735d53fe9033da2aec54d3
                                      • Instruction ID: 949e463530fcbc38578681c062ae9d5a482b2f49f6e10ae90f83d8efbaed5e0c
                                      • Opcode Fuzzy Hash: 3b1a02686b8ced524d86410c50a5b937fb0ace64cf735d53fe9033da2aec54d3
                                      • Instruction Fuzzy Hash: 20411DB5900209AFDB00DFA4DD89EEEBB78FB48700F108129F902F76A0DB745944CBA4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0040785A, Relevance: 34.7, APIs: 23, Instructions: 183COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaRefVarAry.MSVBVM60(?,?,00000000), ref: 00452429
                                      • __vbaUbound.MSVBVM60(00000001), ref: 00452430
                                      • __vbaRefVarAry.MSVBVM60(?), ref: 0045243A
                                      • __vbaLbound.MSVBVM60(00000001,?), ref: 00452447
                                      • __vbaRefVarAry.MSVBVM60(?), ref: 0045245A
                                      • __vbaLbound.MSVBVM60(00000001), ref: 00452461
                                      • __vbaRefVarAry.MSVBVM60(?,00000000), ref: 00452465
                                      • __vbaUbound.MSVBVM60(00000001,?), ref: 0045246C
                                      • __vbaRedim.MSVBVM60(00000080,00000004,?,00000003,00000001,00000000), ref: 00452482
                                      • __vbaRefVarAry.MSVBVM60(?), ref: 0045248C
                                      • __vbaLbound.MSVBVM60(00000001), ref: 00452493
                                      • __vbaRefVarAry.MSVBVM60(?), ref: 00452499
                                      • __vbaUbound.MSVBVM60(00000001,?), ref: 004524A0
                                      • __vbaRefVarAry.MSVBVM60(?), ref: 004524AA
                                      • __vbaLbound.MSVBVM60(00000001), ref: 004524B1
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 004524EE
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 004524F9
                                      • __vbaVarIndexLoad.MSVBVM60(?,?,00000001), ref: 00452524
                                      • __vbaI4Var.MSVBVM60(00000000), ref: 0045252E
                                      • __vbaFreeVar.MSVBVM60 ref: 0045253C
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 00452576
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 00452581
                                      • __vbaVarIndexLoad.MSVBVM60(?,?,00000001), ref: 004525AC
                                      • __vbaI4Var.MSVBVM60(00000000), ref: 004525B6
                                      • __vbaFreeVar.MSVBVM60 ref: 004525C4
                                      • __vbaVarCopy.MSVBVM60 ref: 00452600
                                      • __vbaAryDestruct.MSVBVM60(00000000,?,00452633), ref: 0045262C
                                      • __vbaErrorOverflow.MSVBVM60(?), ref: 00452662
                                      • __vbaRefVarAry.MSVBVM60(?,660DC417,?,660DC628), ref: 004526B9
                                      • __vbaLbound.MSVBVM60(00000001), ref: 004526C6
                                      • __vbaRefVarAry.MSVBVM60(?,00000000), ref: 004526CA
                                      • __vbaUbound.MSVBVM60(00000001,?), ref: 004526D1
                                      • __vbaRedim.MSVBVM60(00000080,00000004,?,00000003,00000001,00000000), ref: 004526E7
                                      • __vbaRefVarAry.MSVBVM60(?), ref: 004526F1
                                      • __vbaLbound.MSVBVM60(00000001), ref: 004526F8
                                      • __vbaRefVarAry.MSVBVM60(?), ref: 004526FD
                                      • __vbaLbound.MSVBVM60(00000001,?), ref: 00452704
                                      • __vbaRefVarAry.MSVBVM60(?), ref: 0045270E
                                      • __vbaUbound.MSVBVM60(00000001), ref: 00452715
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 00452751
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Lbound$Error$BoundsGenerateUbound$FreeIndexLoadRedim$CopyDestructOverflow
                                      • String ID:
                                      • API String ID: 1472305050-0
                                      • Opcode ID: bffa7091f3fac6c5e73dab6e6eefd8b6ac1533a445f88bd85fd4bff8aa6791ee
                                      • Instruction ID: 0afa4027231b2ccef419fb2bdeaa38e2d3a5312fd68d19f5b9eeaedce7b42079
                                      • Opcode Fuzzy Hash: bffa7091f3fac6c5e73dab6e6eefd8b6ac1533a445f88bd85fd4bff8aa6791ee
                                      • Instruction Fuzzy Hash: B1612170E002089FDB04DFA8C985A9EBBF9FF89300F10816AE505EB351D7B5A945CF95
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00469820, Relevance: 34.6, APIs: 23, Instructions: 137COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaOnError.MSVBVM60(00000001), ref: 0046986D
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,FFFFFDFD,00000000), ref: 00469884
                                      • __vbaI4Var.MSVBVM60(?,000004E0,?,?), ref: 0046989E
                                      • __vbaSetSystemError.MSVBVM60(00000000), ref: 004698AA
                                      • __vbaFreeVar.MSVBVM60 ref: 004698B3
                                      • _adj_fdiv_m64.MSVBVM60(?,?), ref: 004698F8
                                      • __vbaStrR8.MSVBVM60 ref: 00469913
                                      • __vbaStrMove.MSVBVM60 ref: 00469924
                                      • __vbaStrCat.MSVBVM60(00412214,00000000), ref: 0046992C
                                      • __vbaStrMove.MSVBVM60 ref: 00469937
                                      • __vbaFreeStr.MSVBVM60 ref: 0046993C
                                      • __vbaExitProc.MSVBVM60 ref: 00469942
                                      • __vbaStrI4.MSVBVM60(?), ref: 0046995A
                                      • __vbaStrMove.MSVBVM60 ref: 00469967
                                      • __vbaStrCat.MSVBVM60(00415AC4,00000000), ref: 00469975
                                      • __vbaStrMove.MSVBVM60 ref: 0046997C
                                      • __vbaStrI4.MSVBVM60(?,00000000), ref: 00469983
                                      • __vbaStrMove.MSVBVM60 ref: 0046998A
                                      • __vbaStrCat.MSVBVM60(00000000), ref: 0046998D
                                      • __vbaStrMove.MSVBVM60 ref: 00469994
                                      • __vbaFreeStrList.MSVBVM60(00000003,?,?,?), ref: 004699A4
                                      • __vbaExitProc.MSVBVM60 ref: 004699AD
                                      • __vbaExitProc.MSVBVM60 ref: 004699BB
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Move$ExitFreeProc$Error$CallLateListSystem_adj_fdiv_m64
                                      • String ID:
                                      • API String ID: 1496165454-0
                                      • Opcode ID: e1ae7046f3db6e18c178bd04c144b8af0459f9838f9bf8bc92b4dc568765df53
                                      • Instruction ID: ec2af156503e69885be85d5578d58fc3c5abf6d970c94555b736cc31c5864b06
                                      • Opcode Fuzzy Hash: e1ae7046f3db6e18c178bd04c144b8af0459f9838f9bf8bc92b4dc568765df53
                                      • Instruction Fuzzy Hash: DC512171D00258DBCB00EFA4DE899DEBBB9FF48700F10812AE446B3260DBB45D45CBA9
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00458F60, Relevance: 33.6, APIs: 18, Strings: 1, Instructions: 318COMMON
                                      Download Yara Rule
                                      APIs
                                      • #593.MSVBVM60(?), ref: 00459030
                                      • __vbaFpI4.MSVBVM60 ref: 00459058
                                      • __vbaFreeVar.MSVBVM60 ref: 00459064
                                      • #593.MSVBVM60(0000000A), ref: 004590BA
                                      • __vbaFpI4.MSVBVM60 ref: 004590F5
                                      • __vbaFreeVar.MSVBVM60 ref: 00459103
                                      • __vbaI2I4.MSVBVM60 ref: 00459115
                                      • __vbaI2I4.MSVBVM60 ref: 00459126
                                      • __vbaI2I4.MSVBVM60 ref: 00459137
                                      • __vbaFreeVarList.MSVBVM60(00000002,0000000A,?), ref: 0045918C
                                      • __vbaFreeVarList.MSVBVM60(00000002,0000000A,?), ref: 004591DC
                                      • __vbaFreeVarList.MSVBVM60(00000002,0000000A,?), ref: 0045922C
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 0045924D
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 00459258
                                      • #588.MSVBVM60(?,?,?), ref: 0045926C
                                      • __vbaAryDestruct.MSVBVM60(00000000,?,004592F6), ref: 004592EF
                                      • __vbaErrorOverflow.MSVBVM60 ref: 0045931A
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00401F20,00411700,00000078), ref: 0045937C
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$ErrorList$#593BoundsGenerate$#588CheckDestructHresultOverflow
                                      • String ID: /@
                                      • API String ID: 1054071030-2163338593
                                      • Opcode ID: 7c3dae012dec27eea2feea7c3aa494d34a393c2b8259a1b5c274f3dcc15b92b8
                                      • Instruction ID: 4eb98e1a2a3092a86294d2dc270a1df60be85d2b551c81751fc0183c5ab8a359
                                      • Opcode Fuzzy Hash: 7c3dae012dec27eea2feea7c3aa494d34a393c2b8259a1b5c274f3dcc15b92b8
                                      • Instruction Fuzzy Hash: 0FD1E6B1D00209EFDB14CF95C988AEEFBB8FF48301F20816AE509A7251D7746A49CF65
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00477E10, Relevance: 33.4, APIs: 14, Strings: 5, Instructions: 123COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaSetSystemError.MSVBVM60 ref: 00477EA0
                                      • __vbaVarDup.MSVBVM60 ref: 00477ED6
                                      • __vbaStrCat.MSVBVM60(004106F8,ClsManifestation is only designed to function in WindowsXP.), ref: 00477EEC
                                      • __vbaStrMove.MSVBVM60 ref: 00477EF9
                                      • __vbaStrCat.MSVBVM60( Nothing in it is WindowsXP specific but manifest files are only meaningful to WindowsXP,00000000), ref: 00477F01
                                      • __vbaStrMove.MSVBVM60 ref: 00477F08
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000), ref: 00477F10
                                      • __vbaStrMove.MSVBVM60 ref: 00477F17
                                      • __vbaStrCat.MSVBVM60( (Remove the IsWindowsXP test in Sub Manifest if you want to use the class on Non-XP machines,,00000000), ref: 00477F1F
                                      • __vbaStrMove.MSVBVM60 ref: 00477F26
                                      • __vbaStrCat.MSVBVM60( for some reason I don't want to imagine or know.),00000000), ref: 00477F2E
                                      • #595.MSVBVM60(?,00000040,?,?,?), ref: 00477F48
                                      • __vbaFreeStrList.MSVBVM60(00000004,?,?,?,?), ref: 00477F60
                                      • __vbaFreeVarList.MSVBVM60(00000004,?,?,?,?), ref: 00477F78
                                      Strings
                                      • Nothing in it is WindowsXP specific but manifest files are only meaningful to WindowsXP, xrefs: 00477EFC
                                      • ClsManifestation is only designed to function in WindowsXP., xrefs: 00477EE2
                                      • ClsManifestation, xrefs: 00477ECC
                                      • (Remove the IsWindowsXP test in Sub Manifest if you want to use the class on Non-XP machines,, xrefs: 00477F1A
                                      • for some reason I don't want to imagine or know.), xrefs: 00477F29
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Move$FreeList$#595ErrorSystem
                                      • String ID: for some reason I don't want to imagine or know.)$ (Remove the IsWindowsXP test in Sub Manifest if you want to use the class on Non-XP machines,$ Nothing in it is WindowsXP specific but manifest files are only meaningful to WindowsXP$ClsManifestation$ClsManifestation is only designed to function in WindowsXP.
                                      • API String ID: 3801395414-317968967
                                      • Opcode ID: 22c6b4520f3062f9c57f8f3f85c9e5df39dd97d08af991c67ab0545c1a36c87f
                                      • Instruction ID: e9a1d08f0bd7f4c48e1476ba8df68ba5e501209152425e546994fd44db54af50
                                      • Opcode Fuzzy Hash: 22c6b4520f3062f9c57f8f3f85c9e5df39dd97d08af991c67ab0545c1a36c87f
                                      • Instruction Fuzzy Hash: C3411AB1D00208AFDB10DFA5CA45AEEFBB8EF84700F20815BE50AA7250DBB41E45CF64
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0044AA30, Relevance: 33.4, APIs: 18, Strings: 1, Instructions: 113COMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$CopyMove$#517#527
                                      • String ID: /@
                                      • API String ID: 1334318059-2163338593
                                      • Opcode ID: 25feb74bae159785da28d2a8b8f59cfe0f8b835ac2a0fcbb28927954fd53affa
                                      • Instruction ID: bb5cb4acc17ac5e4ffb9a98cadded6412cbb15988a085bd23eb5c23900a200e5
                                      • Opcode Fuzzy Hash: 25feb74bae159785da28d2a8b8f59cfe0f8b835ac2a0fcbb28927954fd53affa
                                      • Instruction Fuzzy Hash: 06412171D402199BDB04DFA4DE55AEEB7B8EF48700F20822AE916B3250EB746E05CFD5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0044ACC0, Relevance: 33.2, APIs: 22, Instructions: 166COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaObjSetAddref.MSVBVM60(?,?), ref: 0044AD0B
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,00000009,00000000), ref: 0044AD1C
                                      • __vbaStrVarMove.MSVBVM60(00000000), ref: 0044AD26
                                      • __vbaStrMove.MSVBVM60 ref: 0044AD31
                                      • __vbaLenBstr.MSVBVM60(00000000), ref: 0044AD38
                                      • __vbaFreeStr.MSVBVM60 ref: 0044AD4B
                                      • __vbaFreeVar.MSVBVM60 ref: 0044AD54
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,00000009,00000000), ref: 0044AD82
                                      • __vbaStrVarMove.MSVBVM60(00000000), ref: 0044AD8C
                                      • __vbaStrMove.MSVBVM60 ref: 0044AD97
                                      • __vbaFreeVar.MSVBVM60 ref: 0044ADA6
                                      • #527.MSVBVM60(?), ref: 0044ADCE
                                      • #517.MSVBVM60(?), ref: 0044ADDA
                                      • __vbaLateIdSt.MSVBVM60(?,00000009), ref: 0044AE07
                                      • __vbaFreeVar.MSVBVM60 ref: 0044AE10
                                      • #717.MSVBVM60(?,?,00000003,00000000), ref: 0044AE2C
                                      • __vbaStrVarMove.MSVBVM60(?), ref: 0044AE36
                                      • __vbaLateIdSt.MSVBVM60(?,00000009), ref: 0044AE63
                                      • __vbaFreeVarList.MSVBVM60(00000002,?,?), ref: 0044AE73
                                      • __vbaObjSetAddref.MSVBVM60(?,00000000), ref: 0044AE91
                                      • __vbaFreeObj.MSVBVM60(0044AECE), ref: 0044AEBE
                                      • __vbaFreeStr.MSVBVM60 ref: 0044AEC7
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$Move$Late$AddrefCall$#517#527#717BstrList
                                      • String ID:
                                      • API String ID: 189305833-0
                                      • Opcode ID: 42c0d61942964130f33306c2e6652867ae3313b323bde9d80b7e2ac25a5ecf29
                                      • Instruction ID: 8e3bd0f6b741bec7c708c4b5df7bba14139b4104a3117c2647495e33bd831ded
                                      • Opcode Fuzzy Hash: 42c0d61942964130f33306c2e6652867ae3313b323bde9d80b7e2ac25a5ecf29
                                      • Instruction Fuzzy Hash: 746118B1D00209DFDB04DFA4DA889EEBBB8FF48701F14812AE506B7661DB345945CFA9
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00444D80, Relevance: 31.7, APIs: 17, Strings: 1, Instructions: 189COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaNew2.MSVBVM60(00406DD0,00482024), ref: 00444DE4
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00410EB8,000000AC), ref: 00444E1B
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 00444E2F
                                      • __vbaNew2.MSVBVM60(00406DD0,00482024), ref: 00444E4A
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00410EB8,000000B0), ref: 00444E75
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,004123D0,00000054), ref: 00444E94
                                      • __vbaFreeStr.MSVBVM60 ref: 00444E9D
                                      • __vbaFreeObj.MSVBVM60 ref: 00444EA6
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 00444EC0
                                      • __vbaNew2.MSVBVM60(00406DD0,00482024), ref: 00444ED8
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 00444EF2
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,004123D0,00000050), ref: 00444F15
                                      • __vbaStrMove.MSVBVM60 ref: 00444F2C
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00410EB8,000000A0), ref: 00444F55
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,004123D0,00000054), ref: 00444F73
                                      • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 00444F7F
                                      • __vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 00444F8F
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$CheckHresult$Free$New2$List$Move
                                      • String ID: /@
                                      • API String ID: 2421174381-2163338593
                                      • Opcode ID: 3a68e01935e2c7499ba33463ec01c347b3c6f9c7eb5103d82fefc9dc63f66fe5
                                      • Instruction ID: 1bd550fd1673164c5c1807c8feb583ae332ae80940d5f44f9f8afd86bb9eae35
                                      • Opcode Fuzzy Hash: 3a68e01935e2c7499ba33463ec01c347b3c6f9c7eb5103d82fefc9dc63f66fe5
                                      • Instruction Fuzzy Hash: EA614070A00205AFDB049FA5CD89FAEB7B8FF49705F10452AF605F7290D674A945CB68
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00407D06, Relevance: 31.7, APIs: 21, Instructions: 152COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaVarVargNofree.MSVBVM60 ref: 0045D295
                                      • __vbaVarCopy.MSVBVM60 ref: 0045D2A2
                                      • __vbaVarVargNofree.MSVBVM60 ref: 0045D2AD
                                      • __vbaVarCopy.MSVBVM60 ref: 0045D2B4
                                      • __vbaVarVargNofree.MSVBVM60 ref: 0045D2CF
                                      • __vbaVarVargNofree.MSVBVM60(00000000), ref: 0045D2DB
                                      • __vbaVarAdd.MSVBVM60(?,00000000), ref: 0045D2E2
                                      • __vbaVarDiv.MSVBVM60(?,?,00000000), ref: 0045D2F4
                                      • __vbaVarIndexLoad.MSVBVM60(?,?,00000001), ref: 0045D322
                                      • __vbaVarMove.MSVBVM60 ref: 0045D330
                                      • __vbaFreeVar.MSVBVM60 ref: 0045D339
                                      • __vbaVarTstLe.MSVBVM60(?,?), ref: 0045D34D
                                      • __vbaVarIndexLoad.MSVBVM60(?,?,00000001), ref: 0045D393
                                      • __vbaVarCmpLt.MSVBVM60(?,?,00000000), ref: 0045D3A5
                                      • __vbaVarVargNofree.MSVBVM60(?,00000000), ref: 0045D3B5
                                      • __vbaVarCmpLt.MSVBVM60(?,00000000), ref: 0045D3BF
                                      • __vbaVarAnd.MSVBVM60(?,00000000), ref: 0045D3C9
                                      • __vbaBoolVarNull.MSVBVM60(00000000), ref: 0045D3D0
                                      • __vbaFreeVar.MSVBVM60 ref: 0045D3DF
                                      • __vbaVarAdd.MSVBVM60(?,?,?), ref: 0045D412
                                      • __vbaVarMove.MSVBVM60 ref: 0045D41D
                                      • __vbaVarIndexLoad.MSVBVM60(?,?,00000001,?,?,?,?), ref: 0045D463
                                      • __vbaVarCmpLt.MSVBVM60(?,00000000), ref: 0045D471
                                      • __vbaVarVargNofree.MSVBVM60(?,00000000), ref: 0045D481
                                      • __vbaVarCmpGt.MSVBVM60(?,00000000), ref: 0045D48B
                                      • __vbaVarAnd.MSVBVM60(?,00000000), ref: 0045D499
                                      • __vbaBoolVarNull.MSVBVM60(00000000), ref: 0045D4A0
                                      • __vbaFreeVar.MSVBVM60 ref: 0045D4AF
                                      • __vbaVarSub.MSVBVM60(?,?,?), ref: 0045D4E2
                                      • __vbaVarMove.MSVBVM60 ref: 0045D4ED
                                      • __vbaVarTstLe.MSVBVM60(?,?), ref: 0045D500
                                      • __vbaVarIndexLoadRefLock.MSVBVM60(?,?,?,00000001), ref: 0045D54A
                                      • __vbaVarVargNofree.MSVBVM60 ref: 0045D650
                                      • __vbaVarTstLt.MSVBVM60(?,00000000), ref: 0045D657
                                      • __vbaVarVargNofree.MSVBVM60(?), ref: 0045D684
                                      • __vbaVarTstLt.MSVBVM60(00000000), ref: 0045D687
                                      • __vbaFreeVar.MSVBVM60(0045D6FA), ref: 0045D6E8
                                      • __vbaFreeVar.MSVBVM60 ref: 0045D6ED
                                      • __vbaFreeVar.MSVBVM60 ref: 0045D6F2
                                      • __vbaFreeVar.MSVBVM60 ref: 0045D6F7
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$NofreeVarg$Free$IndexLoad$Move$BoolCopyNull$Lock
                                      • String ID:
                                      • API String ID: 1358073508-0
                                      • Opcode ID: 34903ddbddc7fd4e070bdd3281e837e92d6b8a1514911208ebd4f21d98ffa190
                                      • Instruction ID: a9447ac5ba9ccb9b7ee531c34d6f10320307d6d06a300a61cf257667e9fdbbc4
                                      • Opcode Fuzzy Hash: 34903ddbddc7fd4e070bdd3281e837e92d6b8a1514911208ebd4f21d98ffa190
                                      • Instruction Fuzzy Hash: 9861E8B5D002189FCB54DFA4CD84BDEBBB8FF48300F1081AAE509A7254EB749A89CF55
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0044F700, Relevance: 31.7, APIs: 17, Strings: 1, Instructions: 152COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaObjSetAddref.MSVBVM60(?,?), ref: 0044F745
                                      • __vbaI2I4.MSVBVM60 ref: 0044F75C
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,00000018,00000000), ref: 0044F78F
                                      • __vbaVarNot.MSVBVM60(?,00000000), ref: 0044F79D
                                      • __vbaI2I4.MSVBVM60 ref: 0044F7C7
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,0000001B,00000000), ref: 0044F7FA
                                      • __vbaVarNot.MSVBVM60(?,00000000), ref: 0044F808
                                      • __vbaLateIdSt.MSVBVM60(?,0000001B), ref: 0044F82F
                                      • __vbaFreeVar.MSVBVM60 ref: 0044F838
                                      • __vbaI2I4.MSVBVM60 ref: 0044F845
                                      • __vbaI2I4.MSVBVM60 ref: 0044F851
                                      • __vbaI2I4.MSVBVM60 ref: 0044F864
                                      • __vbaStrCopy.MSVBVM60 ref: 0044F886
                                      • __vbaFreeStr.MSVBVM60 ref: 0044F8A0
                                      • __vbaObjSetAddref.MSVBVM60(?,00000000), ref: 0044F8AC
                                      • __vbaFreeObj.MSVBVM60(0044F8E0), ref: 0044F8D9
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$FreeLate$AddrefCall$Copy
                                      • String ID: /@
                                      • API String ID: 1137755550-2163338593
                                      • Opcode ID: b056c07603e0561f35eef71b7bcff3eb8f9ace3f33faeee230c067411ea649ff
                                      • Instruction ID: 044c90d1c26afadd3bc1e8855029ccba51f07f1f5c7b87724f0fb20b4f246f37
                                      • Opcode Fuzzy Hash: b056c07603e0561f35eef71b7bcff3eb8f9ace3f33faeee230c067411ea649ff
                                      • Instruction Fuzzy Hash: 375172749002099FDB04EFA4CE88EAEBBB5FF48700F148169E505AB395E734AD46CF65
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0044EA70, Relevance: 31.6, APIs: 17, Strings: 1, Instructions: 144COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaChkstk.MSVBVM60(?,00402FE6), ref: 0044EA8E
                                      • __vbaObjSetAddref.MSVBVM60(?,?,?,?,?,?,00402FE6), ref: 0044EAC7
                                      • __vbaOnError.MSVBVM60(000000FF,?,?,?,?,00402FE6), ref: 0044EAD6
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,0000000D,00000000), ref: 0044EB21
                                      • #560.MSVBVM60(00000000,?,?,?,00402FE6), ref: 0044EB2B
                                      • __vbaFreeVar.MSVBVM60(?,?,?,00402FE6), ref: 0044EB3B
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,0000000D,00000000,?,?,?,00402FE6), ref: 0044EB5C
                                      • __vbaI4Var.MSVBVM60(00000000), ref: 0044EB66
                                      • __vbaFreeVar.MSVBVM60 ref: 0044EB75
                                      • __vbaChkstk.MSVBVM60 ref: 0044EB96
                                      • __vbaLateIdSt.MSVBVM60(?,0000000D), ref: 0044EBBA
                                      • __vbaStrCopy.MSVBVM60 ref: 0044EBCF
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00410EB8,000000C4), ref: 0044EC07
                                      • __vbaFreeStr.MSVBVM60 ref: 0044EC1C
                                      • __vbaOnError.MSVBVM60(00000000), ref: 0044EC4B
                                      • __vbaObjSetAddref.MSVBVM60(?,00000000), ref: 0044EC5E
                                      • __vbaFreeObj.MSVBVM60(0044EC88), ref: 0044EC81
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$Late$AddrefCallChkstkError$#560CheckCopyHresult
                                      • String ID: \highlight1
                                      • API String ID: 561018182-1476924835
                                      • Opcode ID: 0a4752632714c01090652367e1c5442ef21b5494b136f258dcbffa82bd48c764
                                      • Instruction ID: e08989eb6c294b0b7a90e587baf46b5c43a5017d635ff049d0113e50b4116467
                                      • Opcode Fuzzy Hash: 0a4752632714c01090652367e1c5442ef21b5494b136f258dcbffa82bd48c764
                                      • Instruction Fuzzy Hash: E061F775901208EFDB04DFD4CA88BDDBBB5FF48704F208159E906AB2A0DB75AA45CF54
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00450CF0, Relevance: 31.6, APIs: 15, Strings: 3, Instructions: 115COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaLenBstr.MSVBVM60(?,?,?,?,?,?,?,?,?,00402FE6), ref: 00450D2A
                                      • __vbaStrCat.MSVBVM60(0041362C,\}{,00000001,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00450D4A
                                      • __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,?,00402FE6), ref: 00450D57
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00450D5F
                                      • __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,?,00402FE6), ref: 00450D66
                                      • #616.MSVBVM60(?,00000001,00000000,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00450D6E
                                      • __vbaStrMove.MSVBVM60(?,00000001,00000000,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00450D79
                                      • __vbaInStr.MSVBVM60(00000000,00000000,?,00000001,00000000,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00450D7E
                                      • __vbaFreeStrList.MSVBVM60(00000003,?,?,?,?,00000001,00000000), ref: 00450D9C
                                      • __vbaInStr.MSVBVM60(00000000,00412B64,?,00000001,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00450DCD
                                      • __vbaInStr.MSVBVM60(00000000,00412C2C,00000000,00000001,?,00000001,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00450DDF
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Move$#616BstrFreeList
                                      • String ID: \}{$uc1\$/@
                                      • API String ID: 1408716707-1081252067
                                      • Opcode ID: c6fa600906e024d1ab861ae62ff353b09ef756a755ecaa4b19648dd74e6927d8
                                      • Instruction ID: a42652dda22ad697eb158ec8e4868f2a0cf863f301b96a43ec3a10f537713a17
                                      • Opcode Fuzzy Hash: c6fa600906e024d1ab861ae62ff353b09ef756a755ecaa4b19648dd74e6927d8
                                      • Instruction Fuzzy Hash: 8931E475A40224ABDB109BA4CD46FAF7B78EB44B01F204226FD02F72D0D6B89945CBE5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00460E30, Relevance: 31.6, APIs: 15, Strings: 3, Instructions: 115COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaLenBstr.MSVBVM60(?,?,?,?,?,?,?,?,?,00402FE6), ref: 00460E6A
                                      • __vbaStrCat.MSVBVM60(0041362C,\}{,00000001,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00460E8A
                                      • __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,?,00402FE6), ref: 00460E97
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00460E9F
                                      • __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,?,00402FE6), ref: 00460EA6
                                      • #616.MSVBVM60(?,00000001,00000000,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00460EAE
                                      • __vbaStrMove.MSVBVM60(?,00000001,00000000,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00460EB9
                                      • __vbaInStr.MSVBVM60(00000000,00000000,?,00000001,00000000,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00460EBE
                                      • __vbaFreeStrList.MSVBVM60(00000003,?,?,?,?,00000001,00000000), ref: 00460EDC
                                      • __vbaInStr.MSVBVM60(00000000,00412B64,?,00000001,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00460F0D
                                      • __vbaInStr.MSVBVM60(00000000,00412C2C,00000000,00000001,?,00000001,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00460F1F
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Move$#616BstrFreeList
                                      • String ID: \}{$uc1\$/@
                                      • API String ID: 1408716707-1081252067
                                      • Opcode ID: f78c8a98a38ef66dff89fb3a6127cc3845c612cd83172f6d5d9b9d15e686c443
                                      • Instruction ID: 150d161aab43020a3570f8a68eafddc7340b0c9fe9885060494327a8f22ea637
                                      • Opcode Fuzzy Hash: f78c8a98a38ef66dff89fb3a6127cc3845c612cd83172f6d5d9b9d15e686c443
                                      • Instruction Fuzzy Hash: 64318271E40225AFDB249B64CD45FAB7B78EB48B00F104226F902F72D0E6B85D41CBE9
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0045A270, Relevance: 29.9, APIs: 16, Strings: 1, Instructions: 193COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaRedimVar.MSVBVM60(0000200C,?,00000001,?,00000000), ref: 0045A2EA
                                      • #648.MSVBVM60(?), ref: 0045A305
                                      • __vbaFreeVar.MSVBVM60 ref: 0045A319
                                      • __vbaFileOpen.MSVBVM60(00000001,000000FF,00000000), ref: 0045A323
                                      • #571.MSVBVM60(00000000), ref: 0045A32A
                                      • __vbaLineInputStr.MSVBVM60(?,00000000), ref: 0045A33E
                                      • __vbaLenBstr.MSVBVM60(?), ref: 0045A348
                                      • __vbaInStr.MSVBVM60(00000000,?,?,00000001), ref: 0045A368
                                      • #616.MSVBVM60(?,-00000001,?,?,00000001), ref: 0045A37C
                                      • __vbaVarIndexStore.MSVBVM60(?,00000001), ref: 0045A3BF
                                      • __vbaFreeVar.MSVBVM60 ref: 0045A3CB
                                      • __vbaFileClose.MSVBVM60(00000000), ref: 0045A3E4
                                      • __vbaVarMove.MSVBVM60 ref: 0045A404
                                      • __vbaFreeStr.MSVBVM60(0045A43D), ref: 0045A42D
                                      • __vbaFreeVar.MSVBVM60 ref: 0045A436
                                      • __vbaErrorOverflow.MSVBVM60(00000000), ref: 0045A46C
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$File$#571#616#648BstrCloseErrorIndexInputLineMoveOpenOverflowRedimStore
                                      • String ID: /@
                                      • API String ID: 3096895459-2163338593
                                      • Opcode ID: eda3e0734eeb1d2c1e09c7df77e3588a320db876bcb526a7b6c4e41ccb7e455e
                                      • Instruction ID: 9fbe98d0259a54d2f21d3b1ee35a07ee768554c5b19447a1e959f753c59887a1
                                      • Opcode Fuzzy Hash: eda3e0734eeb1d2c1e09c7df77e3588a320db876bcb526a7b6c4e41ccb7e455e
                                      • Instruction Fuzzy Hash: 3A7118B5D00209EFCB00DFA8D988A9EBBB8FF49700F10825AF805AB365D7749945CF95
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0046F530, Relevance: 29.9, APIs: 16, Strings: 1, Instructions: 151COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 0046F5B4
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 0046F5C4
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00411EA8,00000168), ref: 0046F5ED
                                      • __vbaSetSystemError.MSVBVM60(?,0000000B,00000000,00000000), ref: 0046F604
                                      • __vbaFreeObj.MSVBVM60 ref: 0046F60D
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00411EA8,000001E8), ref: 0046F634
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$CheckHresult$ErrorFreeSystem
                                      • String ID: /@
                                      • API String ID: 2232519494-2163338593
                                      • Opcode ID: b1be1fa95ec21ca787b183aae68070f09ccb3bc681fc6eece749a0cc18984272
                                      • Instruction ID: ad9db6c076e5b5275340f14843b319d70b78502c02cfb39788c958ee7e06fe66
                                      • Opcode Fuzzy Hash: b1be1fa95ec21ca787b183aae68070f09ccb3bc681fc6eece749a0cc18984272
                                      • Instruction Fuzzy Hash: 285118B1D00218AFDB109FA5DD88DEEBBB8FF48701F10816EA509A7260CB745985CF54
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 004655E0, Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 119COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,p'@,00411700,000001E4), ref: 00465647
                                      • __vbaVarDup.MSVBVM60 ref: 00465661
                                      • #711.MSVBVM60(?,?,?,000000FF,00000000), ref: 00465676
                                      • __vbaVarMove.MSVBVM60 ref: 00465682
                                      • __vbaFreeStr.MSVBVM60 ref: 0046568B
                                      • __vbaFreeVar.MSVBVM60 ref: 0046569A
                                      • __vbaVarIndexLoad.MSVBVM60(?,?,00000001), ref: 004656D2
                                      • __vbaStrVarMove.MSVBVM60(00000000), ref: 004656DE
                                      • __vbaStrMove.MSVBVM60 ref: 004656E5
                                      • __vbaFreeVar.MSVBVM60 ref: 004656EE
                                      • __vbaVarIndexLoad.MSVBVM60(?,?,00000001), ref: 0046571D
                                      • __vbaStrVarMove.MSVBVM60(00000000), ref: 00465723
                                      • __vbaStrMove.MSVBVM60 ref: 0046572A
                                      • __vbaFreeVar.MSVBVM60 ref: 00465733
                                      • __vbaFreeVar.MSVBVM60(00465763), ref: 0046575C
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$FreeMove$IndexLoad$#711CheckHresult
                                      • String ID: p'@$/@
                                      • API String ID: 2710458403-2080150545
                                      • Opcode ID: 4d87e516171bdcf4923cc80bda17c72b9bcfd4ef641e2705293252d0898522ba
                                      • Instruction ID: 833d9c307048d924dd3eded9fc911d7595e788f8e4259253651366c0bfc0dfc4
                                      • Opcode Fuzzy Hash: 4d87e516171bdcf4923cc80bda17c72b9bcfd4ef641e2705293252d0898522ba
                                      • Instruction Fuzzy Hash: 7F4108B5D002499FCB04DFA8D988ADDFFB8FF58300F10816AE405AB2A5DB74A985CF54
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0044B5C0, Relevance: 28.6, APIs: 19, Instructions: 145COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaLateIdCallLd.MSVBVM60(?,0044C80C,FFFFFDFB,00000000), ref: 0044B629
                                      • __vbaStrVarMove.MSVBVM60(00000000), ref: 0044B62F
                                      • __vbaStrMove.MSVBVM60 ref: 0044B63A
                                      • __vbaLenBstr.MSVBVM60(00000000), ref: 0044B641
                                      • __vbaLateIdCallLd.MSVBVM60(?,0044C80C,00000005,00000000), ref: 0044B65E
                                      • __vbaI4Var.MSVBVM60(00000000), ref: 0044B664
                                      • __vbaFreeStr.MSVBVM60 ref: 0044B67B
                                      • __vbaFreeVarList.MSVBVM60(00000002,?,?), ref: 0044B68B
                                      • __vbaLateIdCallLd.MSVBVM60(?,0044C80C,00000008,00000000), ref: 0044B6A9
                                      • __vbaI4Var.MSVBVM60(00000000), ref: 0044B6AF
                                      • __vbaLateIdCallLd.MSVBVM60(?,0044C80C,FFFFFDFB,00000000), ref: 0044B6CD
                                      • __vbaStrVarMove.MSVBVM60(00000000), ref: 0044B6D3
                                      • __vbaStrMove.MSVBVM60 ref: 0044B6DE
                                      • __vbaLenBstr.MSVBVM60(00000000), ref: 0044B6E5
                                      • _adj_fdiv_m64.MSVBVM60(?,?), ref: 0044B70B
                                      • __vbaFpI4.MSVBVM60(?,?), ref: 0044B720
                                      • __vbaFreeStr.MSVBVM60 ref: 0044B72F
                                      • __vbaFreeVarList.MSVBVM60(00000002,?,?), ref: 0044B73F
                                      • __vbaVarMove.MSVBVM60 ref: 0044B76E
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Move$CallFreeLate$BstrList$_adj_fdiv_m64
                                      • String ID:
                                      • API String ID: 2550523885-0
                                      • Opcode ID: 501886433fbb9ee15994e841b2112d4550719040ea4fd5e3674e8e0806be1728
                                      • Instruction ID: c73c42346adc3a0bf6e4190d4035f23e7781e16c51c0eb29593d5f9f5aa70ea0
                                      • Opcode Fuzzy Hash: 501886433fbb9ee15994e841b2112d4550719040ea4fd5e3674e8e0806be1728
                                      • Instruction Fuzzy Hash: AD515C74900209EFDB00EFA4DE88AEEBBB8FF48304F108529E546B76A1DB346945CF54
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00443DA0, Relevance: 27.2, APIs: 18, Instructions: 243COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaNew2.MSVBVM60(00406270,0048202C,?,?,?,?,?,?,?,?,00402FE6), ref: 00443E0C
                                      • __vbaNew2.MSVBVM60(00406270,0048202C,?,?,?,?,?,?,?,?,00402FE6), ref: 00443E40
                                      • __vbaNew2.MSVBVM60(00406270,0048202C,?,?,?,?,?,?,?,?,00402FE6), ref: 00443E6A
                                      • __vbaNew2.MSVBVM60(00406270,0048202C,?,?,?,?,?,?,?,?,00402FE6), ref: 00443E9E
                                      • __vbaNew2.MSVBVM60(00406270,0048202C,?,?,?,?,?,?,?,?,00402FE6), ref: 00443ED2
                                      • __vbaNew2.MSVBVM60(00406270,0048202C,?,?,?,?,?,?,?,?,00402FE6), ref: 00443F04
                                      • #588.MSVBVM60(000000FF,000000C8,000000FF,?,?,?,?,?,?,?,?,00402FE6), ref: 00443F1F
                                      • __vbaNew2.MSVBVM60(00406270,0048202C,?,?,?,?,?,?,?,?,00402FE6), ref: 00443F55
                                      • #588.MSVBVM60(000000FF,000000C8,000000AF,?,?,?,?,?,?,?,?,00402FE6), ref: 00443F70
                                      • __vbaNew2.MSVBVM60(00406270,0048202C,?,?,?,?,?,?,?,?,00402FE6), ref: 00443FA6
                                      • #588.MSVBVM60(000000AF,000000AF,000000AF,?,?,?,?,?,?,?,?,00402FE6), ref: 00443FBE
                                      • __vbaNew2.MSVBVM60(00406270,0048202C,?,?,?,?,?,?,?,?,00402FE6), ref: 00443FF4
                                      • #588.MSVBVM60(000000FF,000000FF,000000C8,?,?,?,?,?,?,?,?,00402FE6), ref: 0044400F
                                      • __vbaNew2.MSVBVM60(00406270,0048202C,?,?,?,?,?,?,?,?,00402FE6), ref: 00444045
                                      • __vbaNew2.MSVBVM60(00406270,0048202C,?,?,?,?,?,?,?,?,00402FE6), ref: 0044407A
                                      • __vbaNew2.MSVBVM60(00406270,0048202C,?,?,?,?,?,?,?,?,00402FE6), ref: 004440A8
                                      • __vbaNew2.MSVBVM60(00406270,0048202C,?,?,?,?,?,?,?,?,00402FE6), ref: 004440D6
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,0041202C,00000024), ref: 004440F7
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$New2$#588$CheckHresult
                                      • String ID:
                                      • API String ID: 1660095776-0
                                      • Opcode ID: f9f5561f08f5b0924762f2d4ca5c7c6a6e6aba5bcc832de27eab97a0f92f4e2c
                                      • Instruction ID: 171ef93cf99d3f816e64d9f52e1205ea4650479a66825baa932b519d23d89689
                                      • Opcode Fuzzy Hash: f9f5561f08f5b0924762f2d4ca5c7c6a6e6aba5bcc832de27eab97a0f92f4e2c
                                      • Instruction Fuzzy Hash: 6B91A170A80201EBDB22DF60D945F6E7BB0FB4A701F21456BFA41B22A1C7B45845CF6E
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00467680, Relevance: 27.1, APIs: 18, Instructions: 147COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaI2Str.MSVBVM60(0041309C), ref: 0046773F
                                      • __vbaI2Str.MSVBVM60(0041309C), ref: 00467757
                                      • __vbaI2Str.MSVBVM60(0041309C), ref: 00467767
                                      • __vbaStrI2.MSVBVM60(?), ref: 00467776
                                      • __vbaStrMove.MSVBVM60 ref: 00467783
                                      • __vbaStrCat.MSVBVM60(00415AC4,00000000), ref: 00467791
                                      • __vbaStrMove.MSVBVM60 ref: 00467798
                                      • __vbaStrI2.MSVBVM60(?,00000000), ref: 0046779F
                                      • __vbaStrMove.MSVBVM60 ref: 004677A6
                                      • __vbaStrCat.MSVBVM60(00000000), ref: 004677A9
                                      • __vbaStrMove.MSVBVM60 ref: 004677B0
                                      • __vbaStrCat.MSVBVM60(00415AC4,00000000), ref: 004677B8
                                      • __vbaStrMove.MSVBVM60 ref: 004677BF
                                      • __vbaStrI2.MSVBVM60(?,00000000), ref: 004677C6
                                      • __vbaStrMove.MSVBVM60 ref: 004677CD
                                      • __vbaStrCat.MSVBVM60(00000000), ref: 004677D0
                                      • __vbaStrMove.MSVBVM60 ref: 004677D7
                                      • __vbaFreeStrList.MSVBVM60(00000006,?,?,?,?,?,?), ref: 004677F3
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Move$FreeList
                                      • String ID:
                                      • API String ID: 4052998853-0
                                      • Opcode ID: cd9705462a8f6f20b528a41551b098f71374972913de6f43fc36279e9ae1694e
                                      • Instruction ID: 0b425dad2febd0f845b478e4985359e0baed9fa87bbb89c709dd1881a6c2aaa3
                                      • Opcode Fuzzy Hash: cd9705462a8f6f20b528a41551b098f71374972913de6f43fc36279e9ae1694e
                                      • Instruction Fuzzy Hash: 3D51A875D00219ABCB14EFA9C9849EEFBF9FF98300B10811BE505A3254DBB46A45CFA5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00454A90, Relevance: 26.5, APIs: 14, Strings: 1, Instructions: 204COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaFpI2.MSVBVM60 ref: 00454B6C
                                      • __vbaFpI2.MSVBVM60 ref: 00454B9D
                                      • __vbaAryDestruct.MSVBVM60(00000000,?,00454BF3), ref: 00454BEC
                                      • __vbaErrorOverflow.MSVBVM60(?), ref: 00454C12
                                      • __vbaOnError.MSVBVM60(00000001), ref: 00454C68
                                      • __vbaObjSetAddref.MSVBVM60(?,?), ref: 00454C7C
                                      • __vbaLateIdSt.MSVBVM60(?,00000012), ref: 00454CA2
                                      • __vbaLateIdCall.MSVBVM60(?,00000020,00000000), ref: 00454CAF
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,00000006,00000000), ref: 00454CC0
                                      • __vbaI4Var.MSVBVM60(00000000), ref: 00454CCA
                                      • __vbaFreeVar.MSVBVM60 ref: 00454CD6
                                      • __vbaObjSetAddref.MSVBVM60(?,00000000), ref: 00454CE1
                                      • __vbaExitProc.MSVBVM60 ref: 00454CE3
                                      • __vbaFreeObj.MSVBVM60(00454D04), ref: 00454CFD
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Late$AddrefCallErrorFree$DestructExitOverflowProc
                                      • String ID: /@
                                      • API String ID: 912037789-2163338593
                                      • Opcode ID: d6788dfff875d455b73c6f62a18eeee911a311b75fad68191fbb1772b4af34cd
                                      • Instruction ID: 2d342eddd6fabb9c14cf2b2f1ac4c2f93b9c485b72d53d565b32df44a814df56
                                      • Opcode Fuzzy Hash: d6788dfff875d455b73c6f62a18eeee911a311b75fad68191fbb1772b4af34cd
                                      • Instruction Fuzzy Hash: 1A81E5B1D00259EFDB04DFD9C989ADEFBB8FF88700F10821AE506AB254D7746945CBA4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00407DA2, Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 181COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaI2I4.MSVBVM60 ref: 0045FB51
                                      • __vbaI2I4.MSVBVM60 ref: 0045FB59
                                      • __vbaI2I4.MSVBVM60 ref: 0045FBC3
                                      • __vbaI2Abs.MSVBVM60 ref: 0045FC01
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 0045FC8D
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 0045FCA2
                                      • __vbaStrI2.MSVBVM60(00000000,\fs), ref: 0045FCB4
                                      • __vbaStrMove.MSVBVM60 ref: 0045FCBF
                                      • __vbaStrCat.MSVBVM60(00000000), ref: 0045FCC2
                                      • __vbaStrMove.MSVBVM60 ref: 0045FCC9
                                      • __vbaStrCat.MSVBVM60(***,00000000), ref: 0045FCD1
                                      • __vbaStrMove.MSVBVM60 ref: 0045FCD8
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 0045FD2E
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 0045FD43
                                      • __vbaStrI2.MSVBVM60(00000000,\up), ref: 0045FD55
                                      • __vbaStrMove.MSVBVM60 ref: 0045FD60
                                      • __vbaStrCat.MSVBVM60(00000000), ref: 0045FD63
                                      • __vbaStrMove.MSVBVM60 ref: 0045FD6A
                                      • __vbaStrCat.MSVBVM60(***,00000000), ref: 0045FD72
                                      • __vbaStrMove.MSVBVM60 ref: 0045FD79
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 0045FDCF
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 0045FDE4
                                      • __vbaStrI2.MSVBVM60(00000000,\up), ref: 0045FDF6
                                      • __vbaStrMove.MSVBVM60 ref: 0045FE01
                                      • __vbaStrCat.MSVBVM60(00000000), ref: 0045FE04
                                      • __vbaStrMove.MSVBVM60 ref: 0045FE0B
                                      • __vbaStrCat.MSVBVM60(***,00000000), ref: 0045FE13
                                      • __vbaStrMove.MSVBVM60 ref: 0045FE1A
                                      • __vbaStrCopy.MSVBVM60 ref: 0045FE29
                                      • __vbaFreeStrList.MSVBVM60(00000003,?,?,?), ref: 0045FE3D
                                      • __vbaAryDestruct.MSVBVM60(00000000,?,0045FEA2), ref: 0045FE9B
                                      • __vbaErrorOverflow.MSVBVM60 ref: 0045FEC1
                                      • __vbaVarVargNofree.MSVBVM60(?,660E6C30,660E6A76), ref: 0045FF43
                                      • __vbaStrErrVarCopy.MSVBVM60(00000000), ref: 0045FF46
                                      • __vbaStrMove.MSVBVM60 ref: 0045FF57
                                      • __vbaFreeStr.MSVBVM60 ref: 0045FF7F
                                      • __vbaStrCopy.MSVBVM60(004605A5), ref: 0045FFCC
                                      • __vbaFreeStr.MSVBVM60 ref: 00460000
                                      • __vbaLenVar.MSVBVM60(?,00000000), ref: 0046004A
                                      • __vbaI4Var.MSVBVM60(00000000), ref: 00460051
                                      • __vbaStrCat.MSVBVM60(\fs,?), ref: 004600A9
                                      • __vbaStrI2.MSVBVM60(00000000,00000000), ref: 004600BE
                                      • __vbaStrCat.MSVBVM60(00000000), ref: 004600CC
                                      • __vbaStrCat.MSVBVM60(0041071C,00000000), ref: 004600DF
                                      • __vbaStrVarVal.MSVBVM60(?,00000000), ref: 00460102
                                      • #631.MSVBVM60(00000000), ref: 00460109
                                      • __vbaStrCat.MSVBVM60(00000000), ref: 00460117
                                      • __vbaFreeStrList.MSVBVM60(00000006,?,?,?,?,?,?), ref: 0046013E
                                      • __vbaFreeVar.MSVBVM60 ref: 0046014A
                                      • __vbaVargVarCopy.MSVBVM60 ref: 00460179
                                      • __vbaInStrVar.MSVBVM60(00000002,00000000,00000008,00000000), ref: 004601AC
                                      • __vbaBoolVarNull.MSVBVM60(00000000), ref: 004601B3
                                      • __vbaFreeVar.MSVBVM60 ref: 004601C2
                                      • __vbaInStrVar.MSVBVM60(00000002,00000000,00000008,00000000), ref: 0046020A
                                      • __vbaVarSub.MSVBVM60(?,00000002,00000000), ref: 0046021C
                                      • __vbaI4Var.MSVBVM60(00000000), ref: 00460223
                                      • __vbaStrVarVal.MSVBVM60(?,00000000), ref: 0046023A
                                      • #616.MSVBVM60(00000000), ref: 00460241
                                      • __vbaFreeStr.MSVBVM60 ref: 00460251
                                      • __vbaFreeVar.MSVBVM60 ref: 0046025A
                                      • __vbaFreeStr.MSVBVM60(004605A5), ref: 00460598
                                      • __vbaFreeStr.MSVBVM60 ref: 0046059D
                                      • __vbaFreeStr.MSVBVM60 ref: 004605A2
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$Move$Error$BoundsGenerate$Copy$ListVarg$#616#631BoolDestructNofreeNullOverflow
                                      • String ID: ***$\fs
                                      • API String ID: 3210050275-1807395651
                                      • Opcode ID: 80304c7106bf5878ec9710c2ee57e8d8fa5641c4467b97653cf0db548bdfe168
                                      • Instruction ID: f95790412c6d19e51bd6d1d126cc5faf53f77df3bf053b47255ec0e102149ea5
                                      • Opcode Fuzzy Hash: 80304c7106bf5878ec9710c2ee57e8d8fa5641c4467b97653cf0db548bdfe168
                                      • Instruction Fuzzy Hash: 94713874D1021A9FCB04DFA4C9959EEBBB9FF48701F10802BE806A7351E7786949CFA5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00473EC0, Relevance: 26.3, APIs: 12, Strings: 3, Instructions: 79COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaVarVargNofree.MSVBVM60 ref: 00473F00
                                      • __vbaObjVar.MSVBVM60(00000000), ref: 00473F07
                                      • __vbaForEachCollObj.MSVBVM60(004121D4,?,?,00000000), ref: 00473F1B
                                      • __vbaLateMemCallLd.MSVBVM60(?,?,Value,00000000), ref: 00473F3F
                                      • __vbaBoolVarNull.MSVBVM60(00000000), ref: 00473F45
                                      • __vbaFreeVar.MSVBVM60 ref: 00473F50
                                      • __vbaNextEachCollObj.MSVBVM60(004121D4,?,?), ref: 00473F64
                                      • __vbaLateMemCallLd.MSVBVM60(?,?,Index,00000000), ref: 00473F7D
                                      • __vbaI2Var.MSVBVM60(00000000), ref: 00473F83
                                      • __vbaFreeVar.MSVBVM60 ref: 00473F8F
                                      • __vbaFreeObj.MSVBVM60(00473FB3), ref: 00473FAB
                                      • __vbaFreeObj.MSVBVM60 ref: 00473FB0
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$CallCollEachLate$BoolNextNofreeNullVarg
                                      • String ID: Index$Value$/@
                                      • API String ID: 829913826-612978273
                                      • Opcode ID: afbcb2d35df9a52a7137d3982feb9a77638ccb2590cacb1a7219346fddfd3fe5
                                      • Instruction ID: a7a2a3b91ab2eaa4f6d9e8f6850f76a926eeffc9600b54e1b8c1a159df99116a
                                      • Opcode Fuzzy Hash: afbcb2d35df9a52a7137d3982feb9a77638ccb2590cacb1a7219346fddfd3fe5
                                      • Instruction Fuzzy Hash: 30211CB1D40219AFCB04DFE4DD49AEEBB78EB08B50F14411AF501B7250D7B46A85CBE8
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00407B73, Relevance: 25.7, APIs: 17, Instructions: 198COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaI2Abs.MSVBVM60 ref: 00459F4F
                                      • __vbaI2Abs.MSVBVM60 ref: 00459F6A
                                      • __vbaI2Abs.MSVBVM60 ref: 00459F8D
                                      • _adj_fdiv_m64.MSVBVM60 ref: 00459FEB
                                      • __vbaFpI4.MSVBVM60 ref: 00459FFA
                                      • __vbaI2Abs.MSVBVM60 ref: 0045A058
                                      • __vbaI2Abs.MSVBVM60(00000000), ref: 0045A067
                                      • __vbaI2Abs.MSVBVM60(00000000), ref: 0045A076
                                      • #588.MSVBVM60(00000000), ref: 0045A07F
                                      • __vbaI2Abs.MSVBVM60 ref: 0045A092
                                      • __vbaI2Abs.MSVBVM60(00000000), ref: 0045A0A1
                                      • __vbaI2Abs.MSVBVM60(00000000), ref: 0045A0B0
                                      • #588.MSVBVM60(00000000), ref: 0045A0B3
                                      • __vbaErrorOverflow.MSVBVM60 ref: 0045A0DE
                                      • __vbaLateIdCallLd.MSVBVM60(?,00080001,00000005,00000000,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0045A138
                                      • __vbaI4Var.MSVBVM60(00000000,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0045A142
                                      • __vbaFreeVar.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0045A157
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$#588$CallErrorFreeLateOverflow_adj_fdiv_m64
                                      • String ID:
                                      • API String ID: 860030067-0
                                      • Opcode ID: 711481295e470b8efd397d93b14e558fd59529cb8c33e48b6aa78cdf44f61951
                                      • Instruction ID: 24fc0ceb0212cb96cad6ecfc374624451b8be41033f9c8f414cc043d3842d976
                                      • Opcode Fuzzy Hash: 711481295e470b8efd397d93b14e558fd59529cb8c33e48b6aa78cdf44f61951
                                      • Instruction Fuzzy Hash: 3E51A576414306EBC700EF74D9445AFBBE8FF84B52F00492EF942A2291D7748499DBAB
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 004072B5, Relevance: 25.6, APIs: 17, Instructions: 125COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaObjSetAddref.MSVBVM60(?,0044EACD), ref: 0044E911
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,0000000A,00000000), ref: 0044E93C
                                      • __vbaStrVarMove.MSVBVM60(00000000), ref: 0044E942
                                      • __vbaStrMove.MSVBVM60 ref: 0044E94D
                                      • __vbaFreeVar.MSVBVM60 ref: 0044E956
                                      • __vbaStrCopy.MSVBVM60 ref: 0044E964
                                      • __vbaFreeStr.MSVBVM60 ref: 0044E97E
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,0000000A,00000000,?), ref: 0044E993
                                      • __vbaStrVarMove.MSVBVM60(00000000), ref: 0044E999
                                      • __vbaStrMove.MSVBVM60 ref: 0044E9A4
                                      • __vbaStrCmp.MSVBVM60(00000000), ref: 0044E9AB
                                      • __vbaFreeStr.MSVBVM60 ref: 0044E9BE
                                      • __vbaFreeVar.MSVBVM60 ref: 0044E9C7
                                      • __vbaLateIdSt.MSVBVM60(?,0000000A), ref: 0044E9F6
                                      • __vbaObjSetAddref.MSVBVM60(?,00000000), ref: 0044EA11
                                      • __vbaFreeObj.MSVBVM60(0044EA44), ref: 0044EA34
                                      • __vbaFreeStr.MSVBVM60 ref: 0044EA3D
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$Move$Late$AddrefCall$Copy
                                      • String ID:
                                      • API String ID: 2127924653-0
                                      • Opcode ID: d0f34f9c5c756d31178bc400b73ae41559c322bab856f0be619afda3a963c558
                                      • Instruction ID: 8bb72b0e702f9da66530a53c9091f22525f4b9052872fae5c03a4111d8869819
                                      • Opcode Fuzzy Hash: d0f34f9c5c756d31178bc400b73ae41559c322bab856f0be619afda3a963c558
                                      • Instruction Fuzzy Hash: D9510C71D0020ADFDB04DFA5D9899EEFBB8FF48704F148129E516A36A0DB346946CF54
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 004635D0, Relevance: 24.6, APIs: 12, Strings: 2, Instructions: 85COMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$Move$#581Copy
                                      • String ID: H&@$\up
                                      • API String ID: 2036006995-724912432
                                      • Opcode ID: dace6f58a948a1f0a99b3ba762623a9319d58baff5e27f76dce3752b9baa52f2
                                      • Instruction ID: 4360672892a903b87016f7d103e596dac46c931ebf80d79bb52cc76cb2063474
                                      • Opcode Fuzzy Hash: dace6f58a948a1f0a99b3ba762623a9319d58baff5e27f76dce3752b9baa52f2
                                      • Instruction Fuzzy Hash: 6D312C71800209EFCB10DFA4DA88ADDBBB8FF48745F14416AE402B7260DB745A45CF65
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00450BE0, Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 80COMMON
                                      Download Yara Rule
                                      APIs
                                      • #712.MSVBVM60(?,00412B64,0041374C,00000001,000000FF,00000000), ref: 00450C35
                                      • __vbaStrMove.MSVBVM60(?,00412B64,0041374C,00000001,000000FF,00000000), ref: 00450C41
                                      • #712.MSVBVM60(?,00413758,00413760,00000001,000000FF,00000000,?,00412B64,0041374C,00000001,000000FF,00000000), ref: 00450C56
                                      • __vbaStrMove.MSVBVM60(?,00413758,00413760,00000001,000000FF,00000000,?,00412B64,0041374C,00000001,000000FF,00000000), ref: 00450C5C
                                      • #712.MSVBVM60(00000000,00412C2C,0041376C,00000001,000000FF,00000000,?,00413758,00413760,00000001,000000FF,00000000,?,00412B64,0041374C,00000001), ref: 00450C71
                                      • __vbaStrMove.MSVBVM60(?,00413758,00413760,00000001,000000FF,00000000,?,00412B64,0041374C,00000001,000000FF,00000000), ref: 00450C77
                                      • #712.MSVBVM60(?,004106F8,\par,00000001,000000FF,00000000,?,00413758,00413760,00000001,000000FF,00000000,?,00412B64,0041374C,00000001), ref: 00450C8C
                                      • __vbaStrMove.MSVBVM60(?,004106F8,\par,00000001,000000FF,00000000,?,00413758,00413760,00000001,000000FF,00000000,?,00412B64,0041374C,00000001), ref: 00450C92
                                      • #712.MSVBVM60(?,0041362C,\tab,00000001,000000FF,00000000,?,004106F8,\par,00000001,000000FF,00000000,?,00413758,00413760,00000001), ref: 00450CA7
                                      • __vbaStrMove.MSVBVM60(?,0041362C,\tab,00000001,000000FF,00000000,?,004106F8,\par,00000001,000000FF,00000000,?,00413758,00413760,00000001), ref: 00450CAD
                                      • __vbaStrCopy.MSVBVM60(?,0041362C,\tab,00000001,000000FF,00000000,?,004106F8,\par,00000001,000000FF,00000000,?,00413758,00413760,00000001), ref: 00450CB4
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$#712Move$Copy
                                      • String ID: \par$\tab$/@
                                      • API String ID: 354281846-257968443
                                      • Opcode ID: 00f53eb7a39a77dbc5798194ef7afd183b42a58eff0785070b52ad6c11a82714
                                      • Instruction ID: 5635ec29f947ce12e551981fcd0b5b90acea52f898d42005789a4589b81a58ff
                                      • Opcode Fuzzy Hash: 00f53eb7a39a77dbc5798194ef7afd183b42a58eff0785070b52ad6c11a82714
                                      • Instruction Fuzzy Hash: 582195B07843057BDB14AF688D82F5AB7E5AF88F11F30471AB520B73D4CAF8A9414A5C
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00478960, Relevance: 22.9, APIs: 9, Strings: 4, Instructions: 184COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaObjSetAddref.MSVBVM60(?), ref: 004789B2
                                      • __vbaLateMemSt.MSVBVM60(?,Caption), ref: 00478A21
                                      • __vbaFreeVar.MSVBVM60 ref: 00478A26
                                      • __vbaCheckType.MSVBVM60(00000000,00411ED0), ref: 00478A37
                                      • __vbaCheckType.MSVBVM60(00000000,00411E5C), ref: 00478A9D
                                      • __vbaLateMemSt.MSVBVM60(?,Value), ref: 00478AE7
                                      • __vbaCheckType.MSVBVM60(00000000,00411D4C), ref: 00478AFA
                                      • __vbaLateMemSt.MSVBVM60(?,Value), ref: 00478B53
                                      • __vbaFreeVar.MSVBVM60 ref: 00478B58
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$CheckLateType$Free$Addref
                                      • String ID: Caption$Checked$Value$/@
                                      • API String ID: 1234755521-3876785948
                                      • Opcode ID: cadfc72d57b606df2e5e04855a8e9c07e102802e191404825a46bce4ba02daf5
                                      • Instruction ID: 92a1b45715ec6f501bf012f8b3efcd499f41414c766c5832ee75a4fe4d37f96d
                                      • Opcode Fuzzy Hash: cadfc72d57b606df2e5e04855a8e9c07e102802e191404825a46bce4ba02daf5
                                      • Instruction Fuzzy Hash: 3971FC7490120A9FDB14DFA8C588AEEFBB5FF48300F14855EE419A7340D774A981CF95
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00472440, Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 125COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 0047249C
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00411E5C,000000E0), ref: 004724BF
                                      • __vbaFreeObj.MSVBVM60 ref: 004724CB
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 004724E4
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00410E00,00000094), ref: 00472505
                                      • __vbaFreeObj.MSVBVM60 ref: 00472514
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 00472528
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00410E00,00000094), ref: 00472549
                                      • __vbaFreeObj.MSVBVM60 ref: 00472558
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 0047258D
                                      • __vbaLateIdSt.MSVBVM60(00000000), ref: 00472590
                                      • __vbaFreeObj.MSVBVM60 ref: 00472599
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$CheckHresult$Late
                                      • String ID: P+@
                                      • API String ID: 3735964677-2471578459
                                      • Opcode ID: 94f410011c8529c317ae4a363d0c0a6787bfda07e14be89031e182b61dd52bec
                                      • Instruction ID: 2cf613333be300e5972990ef27ca3bfb9aca7c7860e29ce09da0000094ef79b5
                                      • Opcode Fuzzy Hash: 94f410011c8529c317ae4a363d0c0a6787bfda07e14be89031e182b61dd52bec
                                      • Instruction Fuzzy Hash: B6414470A00205ABDB04EF69CD99FAEBBFCFF08704F108569F505E72A1D67459458B94
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00451A50, Relevance: 22.8, APIs: 12, Strings: 1, Instructions: 97COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaObjSetAddref.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00451A8F
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,0000000A,00000000), ref: 00451AA0
                                      • __vbaStrVarMove.MSVBVM60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00451AAA
                                      • __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00451ABB
                                      • __vbaFreeVar.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00451AC0
                                      • __vbaInStr.MSVBVM60(00000000,00000000,?,00000001), ref: 00451AD3
                                      • #712.MSVBVM60(?,?,?,00000001,000000FF,00000000), ref: 00451B01
                                      • __vbaStrMove.MSVBVM60(?,?,00000001,000000FF,00000000), ref: 00451B0C
                                      • __vbaLateIdSt.MSVBVM60(?,0000000A,?,?,?,00000000), ref: 00451B32
                                      • __vbaObjSetAddref.MSVBVM60(?,00000000,?,?,?,00000000), ref: 00451B3D
                                      • __vbaFreeObj.MSVBVM60(00451B67,?,?,?,00000000), ref: 00451B57
                                      • __vbaFreeStr.MSVBVM60(?,?,?,00000000), ref: 00451B60
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$FreeMove$AddrefLate$#712Call
                                      • String ID: /@
                                      • API String ID: 1846175353-2163338593
                                      • Opcode ID: 8ae5980ea30455cc8cc433dc36f68bf4697a2c006d6a54d71bd385fc743082e7
                                      • Instruction ID: 6b31494f6c2a34c375118e08c1e2578d19b029196ff69bdc168126d5887a4043
                                      • Opcode Fuzzy Hash: 8ae5980ea30455cc8cc433dc36f68bf4697a2c006d6a54d71bd385fc743082e7
                                      • Instruction Fuzzy Hash: C33110B5900209AFDB04DF94DE85DAEBBB8FF48701F108169F906B72A0E734AD44CB65
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00407A89, Relevance: 22.8, APIs: 12, Strings: 1, Instructions: 88COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaStrI4.MSVBVM60(00000000,0041403C,00000000,660E6C30,?), ref: 004584B3
                                      • __vbaStrMove.MSVBVM60 ref: 004584C4
                                      • __vbaStrCat.MSVBVM60(00000000), ref: 004584CD
                                      • __vbaStrMove.MSVBVM60 ref: 004584D4
                                      • __vbaStrCat.MSVBVM60(\froman\fprq2\fcharset0 ,00000000), ref: 004584DC
                                      • __vbaVarVargNofree.MSVBVM60(?), ref: 004584FD
                                      • __vbaVarCat.MSVBVM60(?,00000000), ref: 0045850E
                                      • __vbaVarCat.MSVBVM60(?,?,00000000), ref: 00458519
                                      • __vbaStrVarMove.MSVBVM60(00000000), ref: 0045851C
                                      • __vbaStrMove.MSVBVM60 ref: 00458527
                                      • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 00458533
                                      • __vbaFreeVarList.MSVBVM60(00000003,?,?,?), ref: 00458547
                                      Strings
                                      • \froman\fprq2\fcharset0 , xrefs: 004584D7
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Move$FreeList$NofreeVarg
                                      • String ID: \froman\fprq2\fcharset0
                                      • API String ID: 189518158-456205448
                                      • Opcode ID: b9b57b4175c17f1d67f8efa1b6e3205e1555f5a0d58fde7e5d18c2a562f81d3b
                                      • Instruction ID: c7ceb9e6ace1bd98fe84c38055b85e8ad8795fe3cbb16c930ad05a8c0d7df1ae
                                      • Opcode Fuzzy Hash: b9b57b4175c17f1d67f8efa1b6e3205e1555f5a0d58fde7e5d18c2a562f81d3b
                                      • Instruction Fuzzy Hash: 4031C2B5D00219AFDB00DFA4CD44AAEBBB8FB48300F10852AE805E7250EB785945CFA4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00462020, Relevance: 22.8, APIs: 12, Strings: 1, Instructions: 85COMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$Move$#581Copy
                                      • String ID: \dn
                                      • API String ID: 2036006995-830270522
                                      • Opcode ID: 4e1025e1c255c75b0e952d2c11874a77269bcacb9f7482e405602af735edf635
                                      • Instruction ID: 4e6695fae8178b1ea3ff1faadca1a467028762b38331041a63208e63b8d67111
                                      • Opcode Fuzzy Hash: 4e1025e1c255c75b0e952d2c11874a77269bcacb9f7482e405602af735edf635
                                      • Instruction Fuzzy Hash: A831FBB1800209EFCF04DFA4DA88ADDBBB8FF48745F14416AE506B7160EBB45946CF65
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00441190, Relevance: 22.7, APIs: 15, Instructions: 165COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 0044120A
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00410E00,000000A0), ref: 0044122D
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 0044126E
                                      • __vbaLateIdSt.MSVBVM60(00000000), ref: 00441271
                                      • __vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 00441281
                                      • __vbaFreeVar.MSVBVM60 ref: 0044128D
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00401370,00410900,0000075C), ref: 004412AC
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 004412DB
                                      • __vbaLateIdCallLd.MSVBVM60(?,00000000), ref: 004412E2
                                      • __vbaStrVarMove.MSVBVM60(00000000), ref: 004412EC
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 00441323
                                      • __vbaLateIdSt.MSVBVM60(00000000), ref: 00441326
                                      • __vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 00441336
                                      • __vbaFreeVarList.MSVBVM60(00000002,?,?), ref: 00441346
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00401370,00410900,0000075C), ref: 0044136C
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$CheckHresultLateList$CallMove
                                      • String ID:
                                      • API String ID: 1386742439-0
                                      • Opcode ID: b4023e77428d22e3e810808253a689706b320902661990958ad773dc34d95067
                                      • Instruction ID: eb57a89823fef3ab8cbbe81ce88e050282f70bca7439c85ed54fd9be396bb779
                                      • Opcode Fuzzy Hash: b4023e77428d22e3e810808253a689706b320902661990958ad773dc34d95067
                                      • Instruction Fuzzy Hash: E1512EB0900209AFDB009FA4CD89EEEBBB8FF48700F108569F545E7251D7789945CBA4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 004070FB, Relevance: 22.6, APIs: 15, Instructions: 107COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaLateIdCallLd.MSVBVM60(?,0044AC7B,00000005,00000000,00000000,?), ref: 0044A906
                                      • __vbaI4Var.MSVBVM60(00000000), ref: 0044A90C
                                      • __vbaFreeVar.MSVBVM60 ref: 0044A91F
                                      • __vbaLateIdCallLd.MSVBVM60(?,0044AC7B,00000005,00000000), ref: 0044A936
                                      • __vbaI4Var.MSVBVM60(00000000), ref: 0044A93C
                                      • __vbaFreeVar.MSVBVM60 ref: 0044A948
                                      • __vbaLateIdCallLd.MSVBVM60(?,0044AC7B,FFFFFDFB,00000000), ref: 0044A966
                                      • __vbaLateIdCallLd.MSVBVM60(?,0044AC7B,00000008,00000000), ref: 0044A974
                                      • __vbaI4Var.MSVBVM60(?,?), ref: 0044A98E
                                      • __vbaStrVarMove.MSVBVM60(?,00000000), ref: 0044A999
                                      • __vbaStrMove.MSVBVM60 ref: 0044A9AA
                                      • #631.MSVBVM60(00000000), ref: 0044A9AD
                                      • __vbaStrMove.MSVBVM60 ref: 0044A9B8
                                      • __vbaFreeStr.MSVBVM60 ref: 0044A9BD
                                      • __vbaFreeVarList.MSVBVM60(00000002,?,?), ref: 0044A9CD
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$CallFreeLate$Move$#631List
                                      • String ID:
                                      • API String ID: 1777619210-0
                                      • Opcode ID: 6333d03b55965390f2391f1882cad5d061e5fa7b6b41a8641d1eb1d2dd28bda9
                                      • Instruction ID: f2ebd254266b62d405693153bb7ae7a2a157b7ff4e2a554419776cf730b9f323
                                      • Opcode Fuzzy Hash: 6333d03b55965390f2391f1882cad5d061e5fa7b6b41a8641d1eb1d2dd28bda9
                                      • Instruction Fuzzy Hash: 67414CB1900219AFDB00DFA0DE85EEEBBB8FB08700F004529F905B7690E7746905CB99
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00407A21, Relevance: 22.6, APIs: 15, Instructions: 90COMMON
                                      Download Yara Rule
                                      APIs
                                      • #517.MSVBVM60(?,00000008,660E697D,0000000A), ref: 004571C2
                                      • __vbaStrMove.MSVBVM60(?,00000008,660E697D,0000000A), ref: 004571D2
                                      • #648.MSVBVM60(?,?,00000008,660E697D,0000000A), ref: 004571E6
                                      • __vbaFreeVar.MSVBVM60(?,00000008,660E697D,0000000A), ref: 004571F1
                                      • __vbaFileOpen.MSVBVM60(00000001,000000FF,00000000,?,?,00000008,660E697D,0000000A), ref: 00457202
                                      • #571.MSVBVM60(00000000,?,?,00000008,660E697D,0000000A), ref: 00457209
                                      • __vbaLineInputStr.MSVBVM60(?,00000000,?,?,00000008,660E697D,0000000A), ref: 00457219
                                      • __vbaInStr.MSVBVM60(00000000,00000000,?,00000001,?,?,00000008,660E697D,0000000A), ref: 0045722D
                                      • #616.MSVBVM60(?,-00000001,?,?,00000008,660E697D,0000000A), ref: 00457241
                                      • __vbaStrMove.MSVBVM60(?,?,00000008,660E697D,0000000A), ref: 0045724C
                                      • __vbaStrCmp.MSVBVM60(00000000,?,?,?,00000008,660E697D,0000000A), ref: 00457255
                                      • __vbaStrCopy.MSVBVM60(?,?,00000008,660E697D,0000000A), ref: 00457265
                                      • __vbaFileClose.MSVBVM60(00000000,?,?,00000008,660E697D,0000000A), ref: 0045726C
                                      • __vbaFreeStr.MSVBVM60(004572A3,?,?,00000008,660E697D,0000000A), ref: 0045729B
                                      • __vbaFreeStr.MSVBVM60(?,?,00000008,660E697D,0000000A), ref: 004572A0
                                      • __vbaErrorOverflow.MSVBVM60(?,?,00000008,660E697D,0000000A), ref: 004572C0
                                      • __vbaStrCat.MSVBVM60(?,If you proceed you will lose ALL ,?,00000000,660E6C30), ref: 00457373
                                      • __vbaStrMove.MSVBVM60(?,If you proceed you will lose ALL ,?,00000000,660E6C30), ref: 00457380
                                      • __vbaStrCat.MSVBVM60( you have created.,00000000,?,If you proceed you will lose ALL ,?,00000000,660E6C30), ref: 00457388
                                      • __vbaStrMove.MSVBVM60(?,If you proceed you will lose ALL ,?,00000000,660E6C30), ref: 0045738F
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000,?,If you proceed you will lose ALL ,?,00000000,660E6C30), ref: 00457397
                                      • __vbaStrMove.MSVBVM60(?,If you proceed you will lose ALL ,?,00000000,660E6C30), ref: 0045739E
                                      • __vbaStrCat.MSVBVM60(004106F8,00000000,?,If you proceed you will lose ALL ,?,00000000,660E6C30), ref: 004573A6
                                      • __vbaStrMove.MSVBVM60(?,If you proceed you will lose ALL ,?,00000000,660E6C30), ref: 004573AD
                                      • __vbaStrCat.MSVBVM60(Are you sure?,00000000,?,If you proceed you will lose ALL ,?,00000000,660E6C30), ref: 004573B5
                                      • #595.MSVBVM60(?,00000004,?,?,?,?,If you proceed you will lose ALL ,?,00000000,660E6C30), ref: 004573D3
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Move$Free$File$#517#571#595#616#648CloseCopyErrorInputLineOpenOverflow
                                      • String ID:
                                      • API String ID: 626781050-0
                                      • Opcode ID: ca5f7dc95e9afe7860d4b4e68af68920d0d5553430201ac3bc447afbd14bbe76
                                      • Instruction ID: a3f48f394e6358e83339c040a0672f9d6a49b8c3f04a7193213a15eb601a471b
                                      • Opcode Fuzzy Hash: ca5f7dc95e9afe7860d4b4e68af68920d0d5553430201ac3bc447afbd14bbe76
                                      • Instruction Fuzzy Hash: E431EC75905209AFCB00DFA4ED88AAEBBB9FF48701F104169F805F32A0DB349945CB69
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00477C20, Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 141COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaCastObj.MSVBVM60(?,004121D4), ref: 00477C80
                                      • __vbaObjSet.MSVBVM60(?,00000000,?,004121D4), ref: 00477C8B
                                      • __vbaObjSetAddref.MSVBVM60(00402D3C,00000000,?,004121D4), ref: 00477C93
                                      • __vbaFreeObj.MSVBVM60(?,004121D4), ref: 00477C9C
                                      • __vbaVarMove.MSVBVM60(?,004121D4), ref: 00477CB9
                                      • __vbaLateMemCallSt.MSVBVM60(?,List,00000001), ref: 00477D34
                                      • __vbaFreeVar.MSVBVM60 ref: 00477D3C
                                      • __vbaLateMemCallSt.MSVBVM60(?,Selected,00000001), ref: 00477DA8
                                      • __vbaFreeVar.MSVBVM60 ref: 00477DB0
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$CallLate$AddrefCastMove
                                      • String ID: List$Selected$/@
                                      • API String ID: 1921576248-3090153006
                                      • Opcode ID: 19be0f17ef8e4e1aea7079d5cc11577a57b22503a76c17e3804aafede7c2a9de
                                      • Instruction ID: f11e2bde06151608eb3ce52eadf7ab0bdf2eeddab5cb9141c58ce258021f1af2
                                      • Opcode Fuzzy Hash: 19be0f17ef8e4e1aea7079d5cc11577a57b22503a76c17e3804aafede7c2a9de
                                      • Instruction Fuzzy Hash: C051F4B4D01309AFCB04DFA9D98499EFBB5FF88300F20855AE809A7360D775A946CF94
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00459A70, Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 137COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaObjSetAddref.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00459AB2
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,00000008,00000000,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00459AC5
                                      • __vbaI4Var.MSVBVM60(00000000,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00459ACB
                                      • __vbaFreeVar.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00459AD9
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,00000005,00000000,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00459AEB
                                      • __vbaI4Var.MSVBVM60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00459AF1
                                      • __vbaFreeVar.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00459AFF
                                      • __vbaObjSetAddref.MSVBVM60(?,00000000), ref: 00459B25
                                      • __vbaFreeObj.MSVBVM60(00459B52,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00459B4B
                                      • __vbaErrorOverflow.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00459B71
                                      • __vbaRedimVar.MSVBVM60(00000003,?,00000001,?,00000000), ref: 00459BC4
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$AddrefCallLate$ErrorOverflowRedim
                                      • String ID: /@
                                      • API String ID: 2754378384-2163338593
                                      • Opcode ID: 4d7978efa49d07b833c6ff1b7baf25e38cb554382a82290422e9a74de61f953a
                                      • Instruction ID: dca38bd84c7776c6be81c9681a485737c190b422aaff85bda5999c3a86f902bb
                                      • Opcode Fuzzy Hash: 4d7978efa49d07b833c6ff1b7baf25e38cb554382a82290422e9a74de61f953a
                                      • Instruction Fuzzy Hash: 57418A71500205AFDB00DFA8DD88E9ABBF8FF88710F24865DF546A72A0D730AD44CBA5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0044FD70, Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 98COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,00402FE6), ref: 0044FDB1
                                      • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,00402FE6), ref: 0044FDD1
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,00402FE6), ref: 0044FE05
                                      • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,00402FE6), ref: 0044FE2B
                                      • __vbaStrCat.MSVBVM60(0041071C,?,?,?,?,?,?,?,?,00402FE6), ref: 0044FE43
                                      • __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,00402FE6), ref: 0044FE4A
                                      • __vbaStrCat.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,00402FE6), ref: 0044FE54
                                      • __vbaStrMove.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,00402FE6), ref: 0044FE5A
                                      • __vbaFreeStr.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,00402FE6), ref: 0044FE63
                                      • __vbaStrCat.MSVBVM60(?,?,?,?,?,?,?,?,?,00402FE6), ref: 0044FE75
                                      • __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,?,00402FE6), ref: 0044FE7F
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$FreeMove$Copy
                                      • String ID: /@
                                      • API String ID: 1034842956-2163338593
                                      • Opcode ID: 3df96ae42e70e461b43734847f6333820c23f92b67a2a2a07db5f988af23a065
                                      • Instruction ID: 6580cac394b19a8ea23b0aa185160556daea5df1fb5d9a52eb4bbe5959da5b8e
                                      • Opcode Fuzzy Hash: 3df96ae42e70e461b43734847f6333820c23f92b67a2a2a07db5f988af23a065
                                      • Instruction Fuzzy Hash: 7D312D7460010ADFDB00DF54CA85DAEB7B9FF88705F20416AE802E7765EB34AD49CBA5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00467860, Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 92COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 004678BA
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,004028B8,0041202C,00000058,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 004678DB
                                      • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 004678F2
                                      • #588.MSVBVM60(00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0046791C
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0046795A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Copy$#588CheckFreeHresult
                                      • String ID: Black Highlight$Button on Demo$Green$New Addition$beige
                                      • API String ID: 2173673535-1567601070
                                      • Opcode ID: 49c7ab5d3d035dce39717ffb32fbc3de405b9234df4024f2ec67b9064dfe7905
                                      • Instruction ID: a78653c788e75a4e68fff6b446cf9f0c1273c067b9bad885c8589a37bee48244
                                      • Opcode Fuzzy Hash: 49c7ab5d3d035dce39717ffb32fbc3de405b9234df4024f2ec67b9064dfe7905
                                      • Instruction Fuzzy Hash: A231B5B1904109DBEB109F54C984AFEBBF9EF48744F60806BE501B7680D7785D4ACB99
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00441E10, Relevance: 19.7, APIs: 13, Instructions: 155COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaNew2.MSVBVM60(00406DD0,00482024,?,?,?,?,?,?,?,00402FE6), ref: 00441E78
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00410EB8,0000007C,?,?,?,?,?,?,?,00402FE6), ref: 00441E9D
                                      • __vbaNew2.MSVBVM60(00406DD0,00482024,?,?,?,?,?,?,?,00402FE6), ref: 00441EBB
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00410EB8,00000080,?,?,?,?,?,?,?,00402FE6), ref: 00441EE6
                                      • __vbaNew2.MSVBVM60(00406DD0,00482024,?,?,?,?,?,?,?,00402FE6), ref: 00441F04
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00410EB8,00000084,?,?,?,?,?,?,?,00402FE6), ref: 00441F2F
                                      • __vbaNew2.MSVBVM60(00406DD0,00482024,?,?,?,?,?,?,?,00402FE6), ref: 00441F4D
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00410EB8,0000008C,?,?,?,?,?,?,?,00402FE6), ref: 00441F78
                                      • __vbaNew2.MSVBVM60(00406DD0,00482024,?,?,?,?,?,?,?,00402FE6), ref: 00441F96
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00410EB8,00000090,?,?,?,?,?,?,?,00402FE6), ref: 00441FBD
                                      • __vbaNew2.MSVBVM60(00406DD0,00482024,?,?,?,?,?,?,?,00402FE6), ref: 00441FD8
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00410EB8,00000088,?,?,?,?,?,?,?,00402FE6), ref: 00441FFF
                                      • __vbaEnd.MSVBVM60(?,?,?,?,?,?,?,00402FE6), ref: 00442005
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$CheckHresultNew2
                                      • String ID:
                                      • API String ID: 1998677070-0
                                      • Opcode ID: ec91619babc1c075be8d3a7f635b07040fa0d9ddd28e2fa4e6ecfc270e406c59
                                      • Instruction ID: 1ac347ce6c152d32f8d52dfb7d51ea0f45fc36ae7da91a255913d101cb01bec6
                                      • Opcode Fuzzy Hash: ec91619babc1c075be8d3a7f635b07040fa0d9ddd28e2fa4e6ecfc270e406c59
                                      • Instruction Fuzzy Hash: 4B515D34B40210EBE7159F25DF49F5B3BE8FB0A745F10446AFA45E72A0C7B89845CB58
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 004081E6, Relevance: 19.6, APIs: 13, Instructions: 99COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaObjSetAddref.MSVBVM60(6600A296,?,00000000,00000000,6600A296), ref: 00465BA2
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,00000005,00000000), ref: 00465BB9
                                      • __vbaI4Var.MSVBVM60(00000000), ref: 00465BBF
                                      • __vbaFreeVar.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,Function_00002FE6), ref: 00465BD8
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,0000000B,00000000), ref: 00465BEB
                                      • __vbaStrVarMove.MSVBVM60(00000000), ref: 00465BF1
                                      • __vbaStrMove.MSVBVM60 ref: 00465BFC
                                      • __vbaStrCmp.MSVBVM60(?,00000000), ref: 00465C09
                                      • __vbaFreeStr.MSVBVM60(?,00000000), ref: 00465C1C
                                      • __vbaFreeVar.MSVBVM60(?,00000000), ref: 00465C25
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,0000000A,00000000), ref: 00465C5D
                                      • __vbaStrVarMove.MSVBVM60(00000000), ref: 00465C63
                                      • __vbaStrMove.MSVBVM60 ref: 00465C6E
                                      • __vbaStrCmp.MSVBVM60(?,00000000), ref: 00465C7B
                                      • __vbaFreeStr.MSVBVM60(?,00000000), ref: 00465C8E
                                      • __vbaFreeVar.MSVBVM60(?,00000000), ref: 00465C97
                                      • __vbaLateIdSt.MSVBVM60(?,0000000A), ref: 00465CBF
                                      • __vbaObjSetAddref.MSVBVM60(?,00000000,?,00000000), ref: 00465CCB
                                      • __vbaFreeObj.MSVBVM60(00465CF5,?,00000000), ref: 00465CEE
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$LateMove$Call$Addref
                                      • String ID:
                                      • API String ID: 47323509-0
                                      • Opcode ID: b733b5a46c674c726b3f925b959e8ef2068bf6c46498647f2f76c15b7723202b
                                      • Instruction ID: bd7d4c1ff8078e721e0267605e25447da13156806386486992972139dea67911
                                      • Opcode Fuzzy Hash: b733b5a46c674c726b3f925b959e8ef2068bf6c46498647f2f76c15b7723202b
                                      • Instruction Fuzzy Hash: 44315075900215ABDB04DFA4DE45E9EBBB8FF48B00F108259F916B72A0DB346904CB99
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00407462, Relevance: 19.6, APIs: 13, Instructions: 99COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaObjSetAddref.MSVBVM60(6600A296,?,00000000,00000000,6600A296), ref: 00452012
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,00000005,00000000), ref: 00452029
                                      • __vbaI4Var.MSVBVM60(00000000), ref: 0045202F
                                      • __vbaFreeVar.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,Function_00002FE6), ref: 00452048
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,0000000B,00000000), ref: 0045205B
                                      • __vbaStrVarMove.MSVBVM60(00000000), ref: 00452061
                                      • __vbaStrMove.MSVBVM60 ref: 0045206C
                                      • __vbaStrCmp.MSVBVM60(?,00000000), ref: 00452079
                                      • __vbaFreeStr.MSVBVM60(?,00000000), ref: 0045208C
                                      • __vbaFreeVar.MSVBVM60(?,00000000), ref: 00452095
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,0000000A,00000000), ref: 004520CD
                                      • __vbaStrVarMove.MSVBVM60(00000000), ref: 004520D3
                                      • __vbaStrMove.MSVBVM60 ref: 004520DE
                                      • __vbaStrCmp.MSVBVM60(?,00000000), ref: 004520EB
                                      • __vbaFreeStr.MSVBVM60(?,00000000), ref: 004520FE
                                      • __vbaFreeVar.MSVBVM60(?,00000000), ref: 00452107
                                      • __vbaLateIdSt.MSVBVM60(?,0000000A), ref: 0045212F
                                      • __vbaObjSetAddref.MSVBVM60(?,00000000,?,00000000), ref: 0045213B
                                      • __vbaFreeObj.MSVBVM60(00452165,?,00000000), ref: 0045215E
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$LateMove$Call$Addref
                                      • String ID:
                                      • API String ID: 47323509-0
                                      • Opcode ID: 6dd6b0e13dbed692586b0c30c1d61c78049f069cb0a1ea5cd84f8c504779e2c3
                                      • Instruction ID: 68a71a52472e2ff32eec4942405836e4780236076ba1fa6abb29d68ad1662da0
                                      • Opcode Fuzzy Hash: 6dd6b0e13dbed692586b0c30c1d61c78049f069cb0a1ea5cd84f8c504779e2c3
                                      • Instruction Fuzzy Hash: 59318171900215EBCB04DFA4DE45E9EBBB8FF48B01F10825AF906B76A0D7746D04CB95
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00449800, Relevance: 19.3, APIs: 9, Strings: 2, Instructions: 86COMMON
                                      Download Yara Rule
                                      APIs
                                      • #588.MSVBVM60(0000007F,0000007F,0000007F,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0044984E
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00449862
                                      • __vbaNew2.MSVBVM60(00411FE4,00482EE8,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0044987A
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00411FD4,00000014,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0044989F
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00412A60,00000050,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 004498C3
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 004498D5
                                      • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 004498DA
                                      • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 004498E3
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 004498F1
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Copy$CheckFreeHresult$#588New2
                                      • String ID: Document.rtf$\ul
                                      • API String ID: 510489403-4014657684
                                      • Opcode ID: 0d0f0ebff236312b7b70fc48923412a8aa5deac99bf79cef784406058efce1d6
                                      • Instruction ID: 68a1b54d1742e50803864e96e4e96e96134da73a3161d1a9b41d24cc71936cd0
                                      • Opcode Fuzzy Hash: 0d0f0ebff236312b7b70fc48923412a8aa5deac99bf79cef784406058efce1d6
                                      • Instruction Fuzzy Hash: 3E316C74900709AFD710DF65CD89AAEBBB4FB44704F20852EF542A36E0D7B8A945CB98
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 004782C0, Relevance: 19.3, APIs: 9, Strings: 2, Instructions: 75COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaCastObj.MSVBVM60(?,004121D4), ref: 00478317
                                      • __vbaObjSet.MSVBVM60(?,00000000,?,004121D4), ref: 00478324
                                      • __vbaCastObj.MSVBVM60(?,004121D4,?,004121D4), ref: 00478331
                                      • __vbaObjSet.MSVBVM60(?,00000000,?,004121D4,?,004121D4), ref: 00478338
                                      • __vbaCastObj.MSVBVM60(?,00411ED0,?,004121D4,?,004121D4), ref: 00478351
                                      • __vbaObjSet.MSVBVM60(?,00000000,?,004121D4,?,004121D4), ref: 00478358
                                      • __vbaCastObj.MSVBVM60(?,00411ED0,?,004121D4,?,004121D4), ref: 00478363
                                      • __vbaObjSet.MSVBVM60(/@,00000000,?,004121D4,?,004121D4), ref: 0047836A
                                      • __vbaFreeObjList.MSVBVM60(00000002,?,?,?,004121D4,?,004121D4), ref: 00478376
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Cast$FreeList
                                      • String ID: H-@$/@
                                      • API String ID: 1535067135-2144725523
                                      • Opcode ID: 74a7bcf89869e76733206df6ced427e4a136c2ec1feb0bd0822a1850ae1a7e98
                                      • Instruction ID: 4eafa65188059b1586c818d20c83b3a0483f02cedf184e3c4edd1e4eb04c9b5e
                                      • Opcode Fuzzy Hash: 74a7bcf89869e76733206df6ced427e4a136c2ec1feb0bd0822a1850ae1a7e98
                                      • Instruction Fuzzy Hash: EA212FB5900209ABCB00DFA5CD85EEFF7BCFF84700F10851AFA15A7250D6B8A9418B94
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 004783C0, Relevance: 19.3, APIs: 9, Strings: 2, Instructions: 74COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaCastObj.MSVBVM60(?,004121D4,?,?,?,?,?,?,00402FE6), ref: 0047840E
                                      • __vbaObjSet.MSVBVM60(?,00000000,?,004121D4,?,?,?,?,?,?,00402FE6), ref: 0047841B
                                      • __vbaCastObj.MSVBVM60(?,004121D4,?,004121D4,?,?,?,?,?,?,00402FE6), ref: 00478428
                                      • __vbaObjSet.MSVBVM60(?,00000000,?,004121D4,?,004121D4,?,?,?,?,?,?,00402FE6), ref: 0047842F
                                      • __vbaCastObj.MSVBVM60(?,00411D4C,?,004121D4,?,004121D4,?,?,?,?,?,?,00402FE6), ref: 00478448
                                      • __vbaObjSet.MSVBVM60(?,00000000,?,004121D4,?,004121D4,?,?,?,?,?,?,00402FE6), ref: 0047844F
                                      • __vbaCastObj.MSVBVM60(?,00411D4C,?,004121D4,?,004121D4,?,?,?,?,?,?,00402FE6), ref: 0047845A
                                      • __vbaObjSet.MSVBVM60(/@,00000000,?,004121D4,?,004121D4,?,?,?,?,?,?,00402FE6), ref: 00478461
                                      • __vbaFreeObjList.MSVBVM60(00000002,?,?,?,004121D4,?,004121D4,?,?,?,?,?,?,00402FE6), ref: 0047846D
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Cast$FreeList
                                      • String ID: X-@$/@
                                      • API String ID: 1535067135-3541411938
                                      • Opcode ID: 712637f173364e4683deb5170ad7f6427271368944a9b0ce7503008b66e0237e
                                      • Instruction ID: 433cf23b2a6ef55e0a7ec5765eee7999ad273995ca6a59205b4c9a9f7f480a0e
                                      • Opcode Fuzzy Hash: 712637f173364e4683deb5170ad7f6427271368944a9b0ce7503008b66e0237e
                                      • Instruction Fuzzy Hash: 2D21E2B5940249ABCB00DFA5CD85DEFF7BCEF84700F10851AB615E7650D6B8A9418BA4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00459C70, Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 68COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaInStr.MSVBVM60(00000000, **,00000000,00000001,?,?,?,?,?,00402FE6), ref: 00459CC3
                                      • #712.MSVBVM60(?, **,hardhard,00000001,000000FF,00000000,?,?,?,?,?,00402FE6), ref: 00459CDB
                                      • __vbaStrMove.MSVBVM60(?, **,hardhard,00000001,000000FF,00000000,?,?,?,?,?,00402FE6), ref: 00459CE5
                                      • __vbaInStr.MSVBVM60(00000000,004140A4,?,00000001,?,?,?,?,?,00402FE6), ref: 00459CF6
                                      • #712.MSVBVM60(00000000,004140A4,hard,00000001,000000FF,00000000,?,00000001,?,?,?,?,?,00402FE6), ref: 00459D0E
                                      • __vbaStrMove.MSVBVM60(?,00000001,?,?,?,?,?,00402FE6), ref: 00459D18
                                      • __vbaStrCopy.MSVBVM60(?,00000001,?,?,?,?,?,00402FE6), ref: 00459D23
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$#712Move$Copy
                                      • String ID: **$hard$hardhard$/@
                                      • API String ID: 354281846-3724862574
                                      • Opcode ID: 1a788c2ad2fe244e1cc9aaf58e0cbeb4638367db93e200890a750c3d44e5c6b8
                                      • Instruction ID: 3076b25cb4db8ed5b227e7bf49ed82def3b12bd43906f3af2cc5e05942b0b589
                                      • Opcode Fuzzy Hash: 1a788c2ad2fe244e1cc9aaf58e0cbeb4638367db93e200890a750c3d44e5c6b8
                                      • Instruction Fuzzy Hash: 89218EB4640205AFCB109F55CD85F9ABBF8AB48B10F20462AF945A72D4C67898458A58
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00454D30, Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 65COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaVarVargNofree.MSVBVM60 ref: 00454D78
                                      • __vbaLenVar.MSVBVM60(?,00000000), ref: 00454D7F
                                      • __vbaBoolVarNull.MSVBVM60(00000000), ref: 00454D86
                                      • __vbaVarVargNofree.MSVBVM60(?,000000FF,00000000), ref: 00454DAA
                                      • __vbaStrVarVal.MSVBVM60(?,00000000), ref: 00454DB1
                                      • #711.MSVBVM60(?,00000000), ref: 00454DBC
                                      • __vbaRefVarAry.MSVBVM60(?), ref: 00454DC6
                                      • __vbaUbound.MSVBVM60(00000001,?), ref: 00454DD1
                                      • __vbaFreeStr.MSVBVM60 ref: 00454DDD
                                      • __vbaFreeVar.MSVBVM60 ref: 00454DE6
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$FreeNofreeVarg$#711BoolNullUbound
                                      • String ID: /@
                                      • API String ID: 2416406485-2163338593
                                      • Opcode ID: 3e4ce3e0c3fb801fd781d54fa4838eb2d9550c69a9506139f91cbdc8eab46d76
                                      • Instruction ID: 65ec11076818771b71c340d4a1fa54fa787959df71ea74b80efea2747c023186
                                      • Opcode Fuzzy Hash: 3e4ce3e0c3fb801fd781d54fa4838eb2d9550c69a9506139f91cbdc8eab46d76
                                      • Instruction Fuzzy Hash: 0D21E9B5900209AFCB00DFA4D9899EEBBBCFF48711F14411AF902B7260DB745985CBA5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0044A630, Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 65COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaVarVargNofree.MSVBVM60 ref: 0044A678
                                      • __vbaLenVar.MSVBVM60(?,00000000), ref: 0044A67F
                                      • __vbaBoolVarNull.MSVBVM60(00000000), ref: 0044A686
                                      • __vbaVarVargNofree.MSVBVM60(?,000000FF,00000000), ref: 0044A6AA
                                      • __vbaStrVarVal.MSVBVM60(?,00000000), ref: 0044A6B1
                                      • #711.MSVBVM60(?,00000000), ref: 0044A6BC
                                      • __vbaRefVarAry.MSVBVM60(?), ref: 0044A6C6
                                      • __vbaUbound.MSVBVM60(00000001,?), ref: 0044A6D1
                                      • __vbaFreeStr.MSVBVM60 ref: 0044A6DD
                                      • __vbaFreeVar.MSVBVM60 ref: 0044A6E6
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$FreeNofreeVarg$#711BoolNullUbound
                                      • String ID: /@
                                      • API String ID: 2416406485-2163338593
                                      • Opcode ID: 30f16fb67acd09c2515dffcfa8ae0f6e92eb339ac1b6c31d564e0b7cc7317511
                                      • Instruction ID: 704965be2659072d5fe89a4a3cabf20a1d15bc3eb5b89c620bbfbc6cfadae2ce
                                      • Opcode Fuzzy Hash: 30f16fb67acd09c2515dffcfa8ae0f6e92eb339ac1b6c31d564e0b7cc7317511
                                      • Instruction Fuzzy Hash: 4B21D5B5900209AFDB10DFA4D9889EEBBBCFB48710F14451AF502B7260DB749985CBA5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0045A1A0, Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 58COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaVarVargNofree.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0045A1E2
                                      • __vbaVarVargNofree.MSVBVM60(00000000), ref: 0045A1ED
                                      • __vbaVarTstLt.MSVBVM60(00000000), ref: 0045A1F0
                                      • __vbaVarVargNofree.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0045A200
                                      • __vbaVargVarCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0045A206
                                      • __vbaVarVargNofree.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0045A211
                                      • __vbaVarVargNofree.MSVBVM60(00000000), ref: 0045A21C
                                      • __vbaVarTstGt.MSVBVM60(00000000), ref: 0045A21F
                                      • __vbaVarVargNofree.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0045A22F
                                      • __vbaVargVarCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0045A235
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Varg$Nofree$Copy
                                      • String ID: /@
                                      • API String ID: 4205766987-2163338593
                                      • Opcode ID: c8accae8d65a6a1faee4d639f31f5fbd4d97639230f418a12ded0ab3f3c8b8ba
                                      • Instruction ID: 48d1d8443d794298db1e58e1f552a25c0a358d297d633fe12ddaddd1ecda7fff
                                      • Opcode Fuzzy Hash: c8accae8d65a6a1faee4d639f31f5fbd4d97639230f418a12ded0ab3f3c8b8ba
                                      • Instruction Fuzzy Hash: 4C112B75E10218ABCB00DFA8DD84AAE7BB9BF48740F10412AF806E3254EF349906CB65
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00407086, Relevance: 18.1, APIs: 12, Instructions: 130COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaI2Abs.MSVBVM60(?,?), ref: 00449C1F
                                      • __vbaI2Abs.MSVBVM60(?,?), ref: 00449C3A
                                      • __vbaI2Abs.MSVBVM60(?,?), ref: 00449C5D
                                      • _adj_fdiv_m64.MSVBVM60(?,?), ref: 00449CBB
                                      • __vbaFpI4.MSVBVM60(?,?), ref: 00449CCA
                                      • __vbaI2Abs.MSVBVM60(?,?), ref: 00449D28
                                      • __vbaI2Abs.MSVBVM60(00000000,?,?), ref: 00449D37
                                      • __vbaI2Abs.MSVBVM60(00000000,?,?), ref: 00449D46
                                      • #588.MSVBVM60(00000000,?,?), ref: 00449D4F
                                      • __vbaI2Abs.MSVBVM60(?,?), ref: 00449D62
                                      • __vbaI2Abs.MSVBVM60(00000000,?,?), ref: 00449D71
                                      • __vbaI2Abs.MSVBVM60(00000000,?,?), ref: 00449D80
                                      • #588.MSVBVM60(00000000,?,?), ref: 00449D83
                                      • __vbaErrorOverflow.MSVBVM60(?,?), ref: 00449DAE
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,0000000D,00000000,?,660E4CDA), ref: 00449DFF
                                      • #560.MSVBVM60(00000000), ref: 00449E09
                                      • __vbaFreeVar.MSVBVM60(?,?,?,?,?,?,?,?,?,Function_00002FE6), ref: 00449E15
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$#588$#560CallErrorFreeLateOverflow_adj_fdiv_m64
                                      • String ID:
                                      • API String ID: 3384597571-0
                                      • Opcode ID: 5662098456f78bc5e25c4a4eb94c19a7a93fce56aadaa0740fc7a19cb45a7c36
                                      • Instruction ID: 10b0a745d6a5e49ecf8f366aa6fbb1f7cf97a366eecbb23b837283df6d62d86c
                                      • Opcode Fuzzy Hash: 5662098456f78bc5e25c4a4eb94c19a7a93fce56aadaa0740fc7a19cb45a7c36
                                      • Instruction Fuzzy Hash: FF41B2B98183079AD740EF7498586AB77E4FBC8755F10482EE18292210D3758899D7BB
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00477700, Relevance: 18.1, APIs: 12, Instructions: 114COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaChkstk.MSVBVM60(?,00402FE6), ref: 0047771E
                                      • __vbaOnError.MSVBVM60(000000FF,?,?,?,?,00402FE6), ref: 00477771
                                      • #645.MSVBVM60(00000008,00000000), ref: 004777AE
                                      • __vbaStrMove.MSVBVM60 ref: 004777B9
                                      • __vbaFreeVar.MSVBVM60 ref: 004777C2
                                      • #685.MSVBVM60 ref: 004777CF
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 004777DA
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00413E68,0000001C), ref: 0047780D
                                      • __vbaStrCmp.MSVBVM60(00412C18,?), ref: 00477828
                                      • __vbaFreeObj.MSVBVM60 ref: 0047784A
                                      • __vbaOnError.MSVBVM60(00000000), ref: 0047787D
                                      • __vbaFreeStr.MSVBVM60(004778B0,?,?,?,?,00402FE6), ref: 004778A9
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$Error$#645#685CheckChkstkHresultMove
                                      • String ID:
                                      • API String ID: 2423814538-0
                                      • Opcode ID: 01516ff1edbc9f688c866e350052c3a8d8929c12008a2b770ad1d81040d67e00
                                      • Instruction ID: f640468eb77d5a6318a182b648d7ed347cb280c66d13c3559c01c3f2b37bbf77
                                      • Opcode Fuzzy Hash: 01516ff1edbc9f688c866e350052c3a8d8929c12008a2b770ad1d81040d67e00
                                      • Instruction Fuzzy Hash: 5A41E775D00208EBDB04DFE4CA48BDEBBB8FF08705F108159E506B72A0D7B85A45CB95
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00407045, Relevance: 18.1, APIs: 12, Instructions: 107COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaObjSetAddref.MSVBVM60(004015F0), ref: 00449204
                                      • __vbaObjSetAddref.MSVBVM60(004015EC), ref: 00449214
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,00000013,00000000), ref: 00449234
                                      • __vbaStrVarMove.MSVBVM60(00000000), ref: 0044923E
                                      • __vbaStrMove.MSVBVM60 ref: 00449249
                                      • __vbaStrCopy.MSVBVM60 ref: 00449253
                                      • __vbaFreeStr.MSVBVM60 ref: 0044925C
                                      • __vbaFreeVar.MSVBVM60 ref: 00449265
                                      • __vbaLateIdSt.MSVBVM60(?,00000013), ref: 00449290
                                      • __vbaStrCopy.MSVBVM60 ref: 004492C2
                                      • __vbaFreeStr.MSVBVM60 ref: 004492CB
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,004015B8,00410EB8,00000064), ref: 004492E5
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$AddrefCopyLateMove$CallCheckHresult
                                      • String ID:
                                      • API String ID: 4265851037-0
                                      • Opcode ID: 4bc66830f70aa8c768a313a58d81487d797fe83de4223255ff2be18ca0a15bf7
                                      • Instruction ID: 161fdae5cb1af9860e17f8f7401ae31fa039699e8b689c21799dddd664448e1a
                                      • Opcode Fuzzy Hash: 4bc66830f70aa8c768a313a58d81487d797fe83de4223255ff2be18ca0a15bf7
                                      • Instruction Fuzzy Hash: 4E415E70900209EFDB10DF95C989AAEBBB8FF48700F10852AE906A76A4D774A845CF95
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00468140, Relevance: 18.1, APIs: 12, Instructions: 98COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaOnError.MSVBVM60(00000001), ref: 00468188
                                      • __vbaObjSetAddref.MSVBVM60(?,?), ref: 00468196
                                      • __vbaLateIdSt.MSVBVM60(?,00000007), ref: 004681C8
                                      • __vbaLateIdSt.MSVBVM60(?,00000006), ref: 004681EA
                                      • __vbaLateIdSt.MSVBVM60(?,00000012), ref: 0046820A
                                      • __vbaLateIdCall.MSVBVM60(?,00000020,00000000), ref: 00468214
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,00000006,00000000), ref: 00468226
                                      • __vbaI4Var.MSVBVM60(00000000), ref: 00468230
                                      • __vbaFreeVar.MSVBVM60 ref: 0046823C
                                      • __vbaObjSetAddref.MSVBVM60(?,00000000), ref: 00468248
                                      • __vbaExitProc.MSVBVM60 ref: 0046824E
                                      • __vbaFreeObj.MSVBVM60(0046826F), ref: 00468268
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Late$AddrefCallFree$ErrorExitProc
                                      • String ID:
                                      • API String ID: 1211590848-0
                                      • Opcode ID: b5ef9dc6f4842c1bbe6864299d98378fc59a901cdef1bd0199bd80cf8111fd7d
                                      • Instruction ID: d3bd024d6c003a2f45790821e8e353f1c96facd1b8232045096b65571e912cb2
                                      • Opcode Fuzzy Hash: b5ef9dc6f4842c1bbe6864299d98378fc59a901cdef1bd0199bd80cf8111fd7d
                                      • Instruction Fuzzy Hash: C5414FB19002449FDB00EFA9CA49B9EFBB8FF48700F10C25AF506AB695D7749944CF94
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00407274, Relevance: 18.1, APIs: 12, Instructions: 97COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaObjSetAddref.MSVBVM60(?,00000000,66106831,660E6C30,660E6FE2), ref: 0044E380
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,00000005,00000000), ref: 0044E391
                                      • __vbaI4Var.MSVBVM60(00000000), ref: 0044E39B
                                      • __vbaFreeVar.MSVBVM60 ref: 0044E3AE
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,0000000B,00000000), ref: 0044E3C4
                                      • __vbaStrVarMove.MSVBVM60(?), ref: 0044E3D1
                                      • __vbaStrMove.MSVBVM60 ref: 0044E3DC
                                      • __vbaVarMove.MSVBVM60 ref: 0044E413
                                      • __vbaFreeStr.MSVBVM60 ref: 0044E41C
                                      • __vbaFreeVar.MSVBVM60 ref: 0044E425
                                      • __vbaVarMove.MSVBVM60 ref: 0044E453
                                      • __vbaObjSetAddref.MSVBVM60(?,00000000), ref: 0044E45E
                                      • __vbaFreeObj.MSVBVM60(0044E497), ref: 0044E490
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$FreeMove$AddrefCallLate
                                      • String ID:
                                      • API String ID: 2902844466-0
                                      • Opcode ID: e43168ad994f013af0ea2d1d669c4aa79c202082ca279f1a5edffb560f5f2a36
                                      • Instruction ID: ce4cbe6a4371f77cd75cc72b3b82556ce4a5bfc58d74e0a1ae6d0f209b3cc842
                                      • Opcode Fuzzy Hash: e43168ad994f013af0ea2d1d669c4aa79c202082ca279f1a5edffb560f5f2a36
                                      • Instruction Fuzzy Hash: 363106B1900248EBDB04DFA5D988DEEBBB8FF48700F14422AF502A7664DB746985CB65
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00407B25, Relevance: 18.1, APIs: 12, Instructions: 97COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaObjSetAddref.MSVBVM60(?,00080005,6600A296,00000000,00000000), ref: 00459920
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,00000005,00000000), ref: 00459931
                                      • __vbaI4Var.MSVBVM60(00000000), ref: 0045993B
                                      • __vbaFreeVar.MSVBVM60 ref: 0045994E
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,0000000B,00000000), ref: 00459964
                                      • __vbaStrVarMove.MSVBVM60(?), ref: 00459971
                                      • __vbaStrMove.MSVBVM60 ref: 0045997C
                                      • __vbaVarMove.MSVBVM60 ref: 004599B3
                                      • __vbaFreeStr.MSVBVM60 ref: 004599BC
                                      • __vbaFreeVar.MSVBVM60 ref: 004599C5
                                      • __vbaVarMove.MSVBVM60 ref: 004599F3
                                      • __vbaObjSetAddref.MSVBVM60(?,00000000), ref: 004599FE
                                      • __vbaFreeObj.MSVBVM60(00459A37), ref: 00459A30
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$FreeMove$AddrefCallLate
                                      • String ID:
                                      • API String ID: 2902844466-0
                                      • Opcode ID: baa471118f9ded570f242fb06fc7f6e8fe3f81b42a20e655188d7ca77c90ef2c
                                      • Instruction ID: 6df467f2dd97d3040a6534b57046834d1d45b9a3528efb05f2d3ff24a6077b2b
                                      • Opcode Fuzzy Hash: baa471118f9ded570f242fb06fc7f6e8fe3f81b42a20e655188d7ca77c90ef2c
                                      • Instruction Fuzzy Hash: 163128B1900248EBCB04DF94D988DEEBBB8FF48701F14422AF802A7665DB745989CB65
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00467D10, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 143COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaOnError.MSVBVM60(00000001), ref: 00467D64
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,FFFFFDFD,00000000), ref: 00467D88
                                      • __vbaI4Var.MSVBVM60(?,0000043A,00000001,00000054), ref: 00467DA3
                                      • __vbaSetSystemError.MSVBVM60(00000000), ref: 00467DB1
                                      • __vbaFreeVar.MSVBVM60 ref: 00467DBD
                                      • __vbaExitProc.MSVBVM60 ref: 00467E3A
                                      • __vbaErrorOverflow.MSVBVM60 ref: 00467E7C
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,0041202C,00000054), ref: 00467EC7
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,0041202C,00000044), ref: 00467EE1
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Error$CheckHresult$CallExitFreeLateOverflowProcSystem
                                      • String ID: T
                                      • API String ID: 3509363181-3187964512
                                      • Opcode ID: 32de4befa246a2810f36229114d809fbdefc865bd1fc0eac4c79b08907ae6269
                                      • Instruction ID: 9d85cde27109e0d73e429c5829bb404c2be5112d15f3246d9cce210d024447ae
                                      • Opcode Fuzzy Hash: 32de4befa246a2810f36229114d809fbdefc865bd1fc0eac4c79b08907ae6269
                                      • Instruction Fuzzy Hash: 4241C071904215AFDB109F74CD48B9FBBB8FF48708F10856EF545A3290E77898888F96
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00475470, Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 76COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaStrCat.MSVBVM60(004106F8,Changing a manifest file has no effect until you restart the program.), ref: 004754E2
                                      • __vbaStrMove.MSVBVM60 ref: 004754E9
                                      • __vbaStrCat.MSVBVM60( Do you wish to restart now?,00000000), ref: 004754F5
                                      • #595.MSVBVM60(?,00000034,?,?,?), ref: 00475513
                                      • __vbaFreeStr.MSVBVM60 ref: 0047551E
                                      • __vbaFreeVarList.MSVBVM60(00000004,00000008,?,?,?), ref: 00475536
                                      • __vbaEnd.MSVBVM60 ref: 0047554D
                                      Strings
                                      • /@, xrefs: 00475499
                                      • Changing a manifest file has no effect until you restart the program., xrefs: 004754C6
                                      • Do you wish to restart now?, xrefs: 004754F0
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$#595ListMove
                                      • String ID: Do you wish to restart now?$Changing a manifest file has no effect until you restart the program.$/@
                                      • API String ID: 2404876520-92509067
                                      • Opcode ID: 66c287ecb95330d9ee26b7afa6c6436748d5a498f000eaeb708d02b187bfcbe3
                                      • Instruction ID: 7f4e36c78b5d6da0478e8ac79eedb8f788d6892e24f3b96ff0fb4c355ccd63b0
                                      • Opcode Fuzzy Hash: 66c287ecb95330d9ee26b7afa6c6436748d5a498f000eaeb708d02b187bfcbe3
                                      • Instruction Fuzzy Hash: 18310FB1D01249AFDB05DFE8DA44ADEBBF9EB48700F20806AE50AF7250E6745E05CF65
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0044EF20, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 76COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaInStr.MSVBVM60(00000000,?,?,00000001,?,?,?,?,?,?,00402FE6), ref: 0044EF66
                                      • __vbaStrCat.MSVBVM60(0041071C,?,00000000,00000001,?,?,00000001,?,?,?,?,?,?,00402FE6), ref: 0044EF7D
                                      • __vbaStrMove.MSVBVM60(?,00000000,00000001,?,?,00000001,?,?,?,?,?,?,00402FE6), ref: 0044EF88
                                      • __vbaInStr.MSVBVM60(00000000,00000000,?,00000000,00000001,?,?,00000001,?,?,?,?,?,?,00402FE6), ref: 0044EF91
                                      • __vbaFreeStr.MSVBVM60(?,00000000,00000001,?,?,00000001,?,?,?,?,?,?,00402FE6), ref: 0044EFA0
                                      • __vbaStrCat.MSVBVM60(00412B64,00000000,?,00000001,?,00000000,00000001,?,?,00000001), ref: 0044EFB8
                                      • __vbaStrMove.MSVBVM60(?,00000001,?,00000000,00000001,?,?,00000001,?,?,?,?,?,?,00402FE6), ref: 0044EFC3
                                      • __vbaInStr.MSVBVM60(00000000,00000000,?,00000001,?,00000000,00000001,?,?,00000001), ref: 0044EFCC
                                      • __vbaFreeStr.MSVBVM60(?,00000001,?,00000000,00000001,?,?,00000001,?,?,?,?,?,?,00402FE6), ref: 0044EFDF
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$FreeMove
                                      • String ID: /@
                                      • API String ID: 1603237890-2163338593
                                      • Opcode ID: 77c0af7fb6bb63c96695bfefd6574ddad11735995a61497462bb80a3b5391353
                                      • Instruction ID: ba892688ab69df1739791efd8910c8d7ab13289cd1e17e3a6213378f8e196720
                                      • Opcode Fuzzy Hash: 77c0af7fb6bb63c96695bfefd6574ddad11735995a61497462bb80a3b5391353
                                      • Instruction Fuzzy Hash: 9A216D79A40225AFEB109F64CD45FAA7B78FB04B00F10422AFD52E72D0D7746D448BE5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00466980, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 71COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaOnError.MSVBVM60(00000001), ref: 004669C8
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,FFFFFE0B,00000000), ref: 004669FE
                                      • __vbaI4Var.MSVBVM60(00000000), ref: 00466A08
                                      • __vbaFreeVar.MSVBVM60 ref: 00466A17
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,FFFFFDFD,00000000), ref: 00466A31
                                      • __vbaI4Var.MSVBVM60(?,00000444,00000001,00000054), ref: 00466A4C
                                      • __vbaSetSystemError.MSVBVM60(00000000), ref: 00466A58
                                      • __vbaFreeVar.MSVBVM60 ref: 00466A89
                                      • __vbaExitProc.MSVBVM60 ref: 00466A8F
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$CallErrorFreeLate$ExitProcSystem
                                      • String ID: T
                                      • API String ID: 2670260127-3187964512
                                      • Opcode ID: 6161cf111c4e902512d648fd689ba6c40b73c100df4188cdf9742f39a26435a6
                                      • Instruction ID: 7a9a1cb641b701313c76693a2431b5ecea4b1f7dcb1aebbcb704c53ae4ae1390
                                      • Opcode Fuzzy Hash: 6161cf111c4e902512d648fd689ba6c40b73c100df4188cdf9742f39a26435a6
                                      • Instruction Fuzzy Hash: AD212D71800258ABDB10DFA4DE89BDEBB78FF04700F50816AF54AB72A1DB745584CF95
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 004483B0, Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 67COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaVarDup.MSVBVM60 ref: 0044840F
                                      • __vbaStrCat.MSVBVM60(004106F8,Called from inside ClsExtender but not part of it.), ref: 00448425
                                      • __vbaStrMove.MSVBVM60 ref: 0044842C
                                      • __vbaStrCat.MSVBVM60(This MsgBox is in ExtendedRTFSupportMod.bas,00000000), ref: 00448438
                                      • #595.MSVBVM60(?,00000000,?,?,?), ref: 00448451
                                      • __vbaFreeStr.MSVBVM60 ref: 0044845A
                                      • __vbaFreeVarList.MSVBVM60(00000004,?,?,?,?), ref: 00448472
                                      Strings
                                      • Ctrl+Alt+F4, xrefs: 00448405
                                      • Called from inside ClsExtender but not part of it., xrefs: 0044841B
                                      • This MsgBox is in ExtendedRTFSupportMod.bas, xrefs: 00448433
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$#595ListMove
                                      • String ID: Called from inside ClsExtender but not part of it.$Ctrl+Alt+F4$This MsgBox is in ExtendedRTFSupportMod.bas
                                      • API String ID: 2404876520-1845458103
                                      • Opcode ID: 391830c9feafa51d3a0b8180fae6af8f9a0d485cf9fc0f25120968f38e3f1d21
                                      • Instruction ID: 13b4283bba53d76923af62b498091f1453d95318d1c6c292f759b777b3b36779
                                      • Opcode Fuzzy Hash: 391830c9feafa51d3a0b8180fae6af8f9a0d485cf9fc0f25120968f38e3f1d21
                                      • Instruction Fuzzy Hash: 90213BB1D00209AFDB00DFD9DA45ADEBBB8EF44700F20812AE506B7250EAB42A05CF65
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 004079E0, Relevance: 16.6, APIs: 11, Instructions: 90COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaChkstk.MSVBVM60(00000000,00402FE6), ref: 0045649E
                                      • __vbaOnError.MSVBVM60(000000FF,660DC417,00401D90,660E1A08,00000000,00402FE6), ref: 004564CE
                                      • #645.MSVBVM60(00004008,00000000), ref: 004564EE
                                      • __vbaStrMove.MSVBVM60 ref: 004564F9
                                      • #685.MSVBVM60 ref: 00456506
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 00456511
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00413E68,0000001C), ref: 00456544
                                      • __vbaStrCmp.MSVBVM60(00412C18,?), ref: 0045655F
                                      • __vbaFreeObj.MSVBVM60 ref: 00456581
                                      • __vbaOnError.MSVBVM60(00000000), ref: 004565B4
                                      • __vbaFreeStr.MSVBVM60(004565D5), ref: 004565CE
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$ErrorFree$#645#685CheckChkstkHresultMove
                                      • String ID:
                                      • API String ID: 2420257965-0
                                      • Opcode ID: 3dcf27c830320816e607f848b4973660047f088616e6e3bac7890b286129e91b
                                      • Instruction ID: f254786d799cc130bb64dfafdf15c7fa20c4fc37ff3ee1bba40e6a28dc8c9332
                                      • Opcode Fuzzy Hash: 3dcf27c830320816e607f848b4973660047f088616e6e3bac7890b286129e91b
                                      • Instruction Fuzzy Hash: 0A313275D40208EFDB00DFA4DA49BDEBBB4FF08705F20812AE502B72A0DB785A49DB55
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 004070D4, Relevance: 16.6, APIs: 11, Instructions: 88COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaOnError.MSVBVM60(00000001), ref: 0044A538
                                      • __vbaObjSetAddref.MSVBVM60(?,?), ref: 0044A54C
                                      • __vbaLateIdSt.MSVBVM60(?,00000007), ref: 0044A574
                                      • __vbaLateIdSt.MSVBVM60(?,00000012), ref: 0044A598
                                      • __vbaLateIdCall.MSVBVM60(?,00000020,00000000), ref: 0044A5A6
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,00000006,00000000), ref: 0044A5B8
                                      • __vbaI4Var.MSVBVM60(00000000), ref: 0044A5C2
                                      • __vbaFreeVar.MSVBVM60 ref: 0044A5CE
                                      • __vbaObjSetAddref.MSVBVM60(?,00000000), ref: 0044A5DA
                                      • __vbaExitProc.MSVBVM60 ref: 0044A5DC
                                      • __vbaFreeObj.MSVBVM60(0044A5FD), ref: 0044A5F6
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Late$AddrefCallFree$ErrorExitProc
                                      • String ID:
                                      • API String ID: 1211590848-0
                                      • Opcode ID: 6a2f187a68dfe177ae029a486d5c9d8efb946d0e6ffb288e634b46a68960bb84
                                      • Instruction ID: 269d1d4e1209c9215dea3a9526b5edd05e07ec1003b56ede42a4221926a4202e
                                      • Opcode Fuzzy Hash: 6a2f187a68dfe177ae029a486d5c9d8efb946d0e6ffb288e634b46a68960bb84
                                      • Instruction Fuzzy Hash: 4C312F71900204ABDB00EF99CA49B9DFBB8FF48700F10865AF506AB6A1C7745944CF95
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00463DB0, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 197COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaRedim.MSVBVM60(00000080,00000004,?,00000003,00000001,?,?), ref: 00463E4A
                                      • _adj_fdiv_m64.MSVBVM60(?,?), ref: 00463EA9
                                      • __vbaFpI4.MSVBVM60(?,?), ref: 00463EB8
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 00463F01
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 00463F16
                                      • __vbaAryDestruct.MSVBVM60(00000000,?,00463F7F), ref: 00463F78
                                      • __vbaErrorOverflow.MSVBVM60 ref: 00463FA3
                                      • __vbaVarMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,Function_00002FE6), ref: 00464009
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Error$BoundsGenerate$DestructMoveOverflowRedim_adj_fdiv_m64
                                      • String ID: /@
                                      • API String ID: 4281961486-2163338593
                                      • Opcode ID: 299a519508c1eaca09536e38df01669602083a85f01b2b4ab655a2dd5d808237
                                      • Instruction ID: b27174f9507bfb4f98dea949a6608e1b36239d59f8f1c41d37ce44dffc599731
                                      • Opcode Fuzzy Hash: 299a519508c1eaca09536e38df01669602083a85f01b2b4ab655a2dd5d808237
                                      • Instruction Fuzzy Hash: 91711771D00209EFCF14DF95C988AEEFBB9FF48301F24812AE505A7250E7746A42CBA5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00407D47, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 123COMMON
                                      Download Yara Rule
                                      APIs
                                      • #593.MSVBVM60(?), ref: 0045E294
                                      • __vbaFpR4.MSVBVM60 ref: 0045E29A
                                      • __vbaFpR4.MSVBVM60 ref: 0045E2AC
                                      • __vbaFreeVar.MSVBVM60 ref: 0045E2C7
                                      • __vbaStrCopy.MSVBVM60 ref: 0045E2EB
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00411700,0000003C), ref: 0045E30C
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 0045E32E
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 0045E348
                                      • __vbaFreeStr.MSVBVM60 ref: 0045E706
                                      • __vbaAryDestruct.MSVBVM60(00000000,?,0045E78F), ref: 0045E788
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$BoundsErrorFreeGenerate$#593CheckCopyDestructHresult
                                      • String ID: random
                                      • API String ID: 2429213779-373021397
                                      • Opcode ID: 8ef943332a1ce5efd0f4ca116587fe322f6b5dea96d2a8941fec97c574255bf5
                                      • Instruction ID: d39852fe3eabca85544b59a38a1672c37ae2bc93905f024f49cb9eb033776645
                                      • Opcode Fuzzy Hash: 8ef943332a1ce5efd0f4ca116587fe322f6b5dea96d2a8941fec97c574255bf5
                                      • Instruction Fuzzy Hash: AE515674D0022ADFCB14CF95C984AEEBBB9FF48B05F20816AE805B7241D7746A46CF94
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00466B90, Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 106COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaOnError.MSVBVM60(00000001), ref: 00466BDB
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,FFFFFDFD,00000000), ref: 00466C02
                                      • __vbaI4Var.MSVBVM60(?,0000043A,00000001,00000054), ref: 00466C1D
                                      • __vbaSetSystemError.MSVBVM60(00000000), ref: 00466C29
                                      • __vbaFreeVar.MSVBVM60 ref: 00466C35
                                      • __vbaExitProc.MSVBVM60 ref: 00466C5E
                                      • __vbaErrorOverflow.MSVBVM60 ref: 00466CD2
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Error$CallExitFreeLateOverflowProcSystem
                                      • String ID: H(@$T
                                      • API String ID: 3623908403-643013327
                                      • Opcode ID: 721d692acc7dd7dc769304e6343ae04709bb74c1b5f24d874d51168c523acee0
                                      • Instruction ID: d0351d5e62e047b75ff688b5a70219f1f6f0cad7fd4c5a8e769ba417508fcbf0
                                      • Opcode Fuzzy Hash: 721d692acc7dd7dc769304e6343ae04709bb74c1b5f24d874d51168c523acee0
                                      • Instruction Fuzzy Hash: F5316D75900248AFDB10DFA8CE49B9EBBB8FF48704F10C16AF545A7290DB745944CF95
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 004781B0, Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 74COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaCastObj.MSVBVM60(?,004121D4), ref: 00478212
                                      • __vbaObjSet.MSVBVM60(?,00000000,?,004121D4), ref: 00478219
                                      • __vbaCastObj.MSVBVM60(?,004121D4), ref: 0047824C
                                      • __vbaObjSet.MSVBVM60(?,00000000,?,004121D4), ref: 00478253
                                      • __vbaCastObj.MSVBVM60(?,00411ED0,?,004121D4), ref: 0047826F
                                      • __vbaObjSet.MSVBVM60(?,00000000,?,004121D4), ref: 00478273
                                      • __vbaFreeObj.MSVBVM60(?,004121D4), ref: 0047827C
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Cast$Free
                                      • String ID: 8-@$/@
                                      • API String ID: 1002291735-2406885830
                                      • Opcode ID: 0a2948d6b0bbb3c8e42678f96ae6eee32456cdcef2684a37ca3ed9d3f61eafc1
                                      • Instruction ID: a129b5c04ed619dc3e6a1d4ba673eaef1faa821dea1e023352ccba846f42d02e
                                      • Opcode Fuzzy Hash: 0a2948d6b0bbb3c8e42678f96ae6eee32456cdcef2684a37ca3ed9d3f61eafc1
                                      • Instruction Fuzzy Hash: B321FD75940209EFDB00DF95C989EEFBBB8FF48740F10845AFA45A7250DB786982CB94
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0045CA40, Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 69COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaVarVargNofree.MSVBVM60 ref: 0045CA8F
                                      • __vbaVarTstEq.MSVBVM60(00008002,00000000), ref: 0045CA96
                                      • __vbaVarVargNofree.MSVBVM60 ref: 0045CAC0
                                      • __vbaVarVargNofree.MSVBVM60(00000000), ref: 0045CAC8
                                      • __vbaVarDiv.MSVBVM60(?,00000000), ref: 0045CACF
                                      • __vbaVarMul.MSVBVM60(?,00000002,00000000), ref: 0045CADE
                                      • __vbaR4Var.MSVBVM60(00000000), ref: 0045CAE5
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$NofreeVarg
                                      • String ID: d$/@
                                      • API String ID: 2268389658-947645140
                                      • Opcode ID: e65ca0493dd05e4c5b1116fe7de2ef59ffe53c050dda392ef6f60c6f8bfb6f97
                                      • Instruction ID: 0949fa68605841304c3d89e0e64d07395b672f85e6e92719a57b98e1772422dd
                                      • Opcode Fuzzy Hash: e65ca0493dd05e4c5b1116fe7de2ef59ffe53c050dda392ef6f60c6f8bfb6f97
                                      • Instruction Fuzzy Hash: 4B2119B1900348EFCB10DFD4D989AEEBFB8BB48701F10411AE905B7250DB745989CBA4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00444A20, Relevance: 15.1, APIs: 10, Instructions: 140COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaNew2.MSVBVM60(00407470,00482028), ref: 00444A90
                                      • __vbaNew2.MSVBVM60(00407470,00482028), ref: 00444AAC
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00411700,00000194), ref: 00444AD7
                                      • __vbaVarNot.MSVBVM60(?,?), ref: 00444AE7
                                      • __vbaNew2.MSVBVM60(00407470,00482028), ref: 00444B37
                                      • __vbaNew2.MSVBVM60(00407470,00482028), ref: 00444B53
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00411700,0000019C), ref: 00444B7E
                                      • __vbaVarNot.MSVBVM60(?,?), ref: 00444B8E
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00411700,00000198), ref: 00444BC8
                                      • __vbaFreeVar.MSVBVM60 ref: 00444BD1
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$New2$CheckHresult$Free
                                      • String ID:
                                      • API String ID: 1503043884-0
                                      • Opcode ID: 5c6f91a20d608b2ad8f098ea7c83bc14ecac918ae84caeaaad5bb23b024e2190
                                      • Instruction ID: 8262fd394066f9d089376d0fe882bd7a047df59463278a9aa76471482260de58
                                      • Opcode Fuzzy Hash: 5c6f91a20d608b2ad8f098ea7c83bc14ecac918ae84caeaaad5bb23b024e2190
                                      • Instruction Fuzzy Hash: 6A51D474940204EFDB01DF54CA88E99FBB5FB49714B20856EF949B73A0C774AC44CB68
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00407021, Relevance: 15.1, APIs: 10, Instructions: 81COMMON
                                      Download Yara Rule
                                      APIs
                                      • #606.MSVBVM60(00000100,?), ref: 00448E5B
                                      • __vbaStrMove.MSVBVM60 ref: 00448E6C
                                      • __vbaFreeVar.MSVBVM60 ref: 00448E71
                                      • __vbaStrToAnsi.MSVBVM60(?,?,00000100,00000000), ref: 00448E85
                                      • __vbaSetSystemError.MSVBVM60(00001200,00000000,?,00000000,00000000), ref: 00448E9E
                                      • __vbaStrToUnicode.MSVBVM60(?,?), ref: 00448EAC
                                      • __vbaFreeStr.MSVBVM60 ref: 00448EB5
                                      • #616.MSVBVM60(?,00000000), ref: 00448EC4
                                      • __vbaStrMove.MSVBVM60 ref: 00448ECF
                                      • __vbaFreeStr.MSVBVM60(00448F04), ref: 00448EFD
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$Move$#606#616AnsiErrorSystemUnicode
                                      • String ID:
                                      • API String ID: 1724703113-0
                                      • Opcode ID: 666bb2c31b00cd4a39111f21614efbab1d8bf1ed8883fb34b3c1a5588b322e6d
                                      • Instruction ID: d3c9813c19cd0e234dbf1921e6045d890e77bd997865022437624259cf721188
                                      • Opcode Fuzzy Hash: 666bb2c31b00cd4a39111f21614efbab1d8bf1ed8883fb34b3c1a5588b322e6d
                                      • Instruction Fuzzy Hash: 20313E71901219AFDB00DFA4CE899EFBBB9FF49740F10411AF506B7260DB745945CBA4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0040795E, Relevance: 15.1, APIs: 10, Instructions: 76COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaOnError.MSVBVM60(00000001), ref: 00454C68
                                      • __vbaObjSetAddref.MSVBVM60(?,?), ref: 00454C7C
                                      • __vbaLateIdSt.MSVBVM60(?,00000012), ref: 00454CA2
                                      • __vbaLateIdCall.MSVBVM60(?,00000020,00000000), ref: 00454CAF
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,00000006,00000000), ref: 00454CC0
                                      • __vbaI4Var.MSVBVM60(00000000), ref: 00454CCA
                                      • __vbaFreeVar.MSVBVM60 ref: 00454CD6
                                      • __vbaObjSetAddref.MSVBVM60(?,00000000), ref: 00454CE1
                                      • __vbaExitProc.MSVBVM60 ref: 00454CE3
                                      • __vbaFreeObj.MSVBVM60(00454D04), ref: 00454CFD
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Late$AddrefCallFree$ErrorExitProc
                                      • String ID:
                                      • API String ID: 1211590848-0
                                      • Opcode ID: 36a4f2a6d3fa9f7b2e05639f20da983ddd5a733437c39f2c2bf5a3473f047d40
                                      • Instruction ID: ed43198a79771522a235f8195d4e47f7cfc632d91715012c56bd5f0bdb60674e
                                      • Opcode Fuzzy Hash: 36a4f2a6d3fa9f7b2e05639f20da983ddd5a733437c39f2c2bf5a3473f047d40
                                      • Instruction Fuzzy Hash: 2C314F71800244AFCB00EFD9DE48E9EFBB8FF88700F10821AF506A76A1D7785944CB95
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 004063CE, Relevance: 15.1, APIs: 10, Instructions: 70COMMON
                                      Download Yara Rule
                                      APIs
                                      • #606.MSVBVM60(00000100,?,00000008,00000000,00000000), ref: 004668AC
                                      • __vbaStrMove.MSVBVM60 ref: 004668BD
                                      • __vbaFreeVar.MSVBVM60 ref: 004668C2
                                      • __vbaStrToAnsi.MSVBVM60(?,?,00000100,00000000), ref: 004668D6
                                      • __vbaSetSystemError.MSVBVM60(00001200,00000000,?,00000000,00000000), ref: 004668EF
                                      • __vbaStrToUnicode.MSVBVM60(?,?), ref: 004668FD
                                      • __vbaFreeStr.MSVBVM60 ref: 00466906
                                      • #616.MSVBVM60(?,00000000), ref: 00466915
                                      • __vbaStrMove.MSVBVM60 ref: 00466920
                                      • __vbaFreeStr.MSVBVM60(00466955), ref: 0046694E
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$Move$#606#616AnsiErrorSystemUnicode
                                      • String ID:
                                      • API String ID: 1724703113-0
                                      • Opcode ID: e85c1a3e145c6a9fd3438907d2bf8438c10666179c8d151dcef76fdb52a44a6b
                                      • Instruction ID: 4405d61353a48823425c56d2ee2ca6921893b418e8f672150ca3d7a6011d2af5
                                      • Opcode Fuzzy Hash: e85c1a3e145c6a9fd3438907d2bf8438c10666179c8d151dcef76fdb52a44a6b
                                      • Instruction Fuzzy Hash: 0C210A75900249ABDB10DFA5CE49DEEBBB8EF98700F10412AF505B32A0EB745945CBA9
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00407D61, Relevance: 15.1, APIs: 10, Instructions: 70COMMON
                                      Download Yara Rule
                                      APIs
                                      • #593.MSVBVM60(?,?,004022A8,00000000), ref: 0045EAD2
                                      • __vbaFpR8.MSVBVM60 ref: 0045EAD8
                                      • __vbaFreeVar.MSVBVM60 ref: 0045EB00
                                      • __vbaStrCat.MSVBVM60(00000000), ref: 0045EB1D
                                      • __vbaStrMove.MSVBVM60 ref: 0045EB29
                                      • __vbaStrCat.MSVBVM60(00000000), ref: 0045EB34
                                      • __vbaStrMove.MSVBVM60 ref: 0045EB3B
                                      • __vbaStrCat.MSVBVM60(0041309C,00000000), ref: 0045EB43
                                      • __vbaStrMove.MSVBVM60 ref: 0045EB4A
                                      • __vbaFreeStr.MSVBVM60 ref: 0045EB4F
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Move$Free$#593
                                      • String ID:
                                      • API String ID: 3926290321-0
                                      • Opcode ID: 3b3089e911f2cbfbd231159e250a126fcdbe531e4f8fa6886ad983c2d5396535
                                      • Instruction ID: a828e9451a3aa3551318612e21348879df2b647418c6d56655fb6c5e90337c4f
                                      • Opcode Fuzzy Hash: 3b3089e911f2cbfbd231159e250a126fcdbe531e4f8fa6886ad983c2d5396535
                                      • Instruction Fuzzy Hash: DD215874900209DBCB04DFA5CA44BAEB7B8FF44701F20416AEC02A3390DB78AD45CF65
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00407A55, Relevance: 15.1, APIs: 10, Instructions: 64fileCOMMON
                                      Download Yara Rule
                                      APIs
                                      • #648.MSVBVM60(?,-00000001,00000000,660D2EC9), ref: 00457836
                                      • __vbaFreeVar.MSVBVM60 ref: 00457841
                                      • __vbaFileOpen.MSVBVM60(00000008,000000FF,00000000), ref: 00457852
                                      • #517.MSVBVM60 ref: 0045785E
                                      • __vbaStrMove.MSVBVM60 ref: 0045786F
                                      • __vbaStrMove.MSVBVM60 ref: 0045787A
                                      • __vbaPrintFile.MSVBVM60(00414028,00000000,00000000), ref: 00457883
                                      • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 00457893
                                      • __vbaFileClose.MSVBVM60(00000000), ref: 0045789D
                                      • __vbaFreeStr.MSVBVM60(004578D1), ref: 004578CA
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$FileFree$Move$#517#648CloseListOpenPrint
                                      • String ID:
                                      • API String ID: 1424847551-0
                                      • Opcode ID: da6e6f41cdc9f32be5ec13a53f97e7c2155e17ed0e6b51a482f144554a12d5b4
                                      • Instruction ID: 93a8f88a8830c5bf36a01e2eba6931f113c52f9c64f359515d09b8a6ac8653e3
                                      • Opcode Fuzzy Hash: da6e6f41cdc9f32be5ec13a53f97e7c2155e17ed0e6b51a482f144554a12d5b4
                                      • Instruction Fuzzy Hash: 5A212CB4900219EFDB00DFA5DD88EAEBB78FF48705F104129F805B32A0D7785909CBA9
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0046BAD0, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 127COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0046BB44
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 0046BB95
                                      • __vbaNew2.MSVBVM60(00411FE4,00482EE8,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0046BBE4
                                      • __vbaNew2.MSVBVM60(0040A560,00482084,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0046BC03
                                      • __vbaObjSetAddref.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0046BC16
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00411FD4,00000010,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0046BC30
                                      • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0046BC39
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$New2$AddrefCheckFreeHresult
                                      • String ID: (*@
                                      • API String ID: 1804898356-3500688370
                                      • Opcode ID: ba555529404aa9b66ab5defb1984fbfe036458b84090011ac2555fd4ff9e55e6
                                      • Instruction ID: 0bc60d505a47696444e2436196ecdd4137791e186badbb2d5a7b6f5bd32b7bbf
                                      • Opcode Fuzzy Hash: ba555529404aa9b66ab5defb1984fbfe036458b84090011ac2555fd4ff9e55e6
                                      • Instruction Fuzzy Hash: 13413E70900209AFCB10DF54CD49EEEBBF8FF48700B20456AF555E72A0D7B86981CBA9
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 004059D8, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 104COMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$FreeMove$CopyErrorListOverflow
                                      • String ID: /@
                                      • API String ID: 3866914967-2163338593
                                      • Opcode ID: 11220630b0ce2dfc8285d506522ab5b8fa61651851b5e126d121ea73a7bf5d91
                                      • Instruction ID: 8a7b05e180354bf76c27e52ed24d073dda279fe6e5b0a6355cbfc045c4a8fc50
                                      • Opcode Fuzzy Hash: 11220630b0ce2dfc8285d506522ab5b8fa61651851b5e126d121ea73a7bf5d91
                                      • Instruction Fuzzy Hash: 8E41E7B590020AEFCB05DF95C9849EEFBF8FF98304F14815AE405A7260E7B4A946CF65
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0044D320, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 104COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaLenBstr.MSVBVM60(00000000), ref: 0044D370
                                      • __vbaStrCmp.MSVBVM60(0008000E,0044DE72), ref: 0044D382
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00401820,00410EB8,00000090), ref: 0044D3A9
                                      • __vbaLateIdCall.MSVBVM60(00000000,00000026,00000001), ref: 0044D3DD
                                      • __vbaVarDup.MSVBVM60 ref: 0044D41C
                                      • #595.MSVBVM60(?,00000000,?,?,?), ref: 0044D433
                                      • __vbaFreeVarList.MSVBVM60(00000004,?,?,?,?), ref: 0044D44B
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$#595BstrCallCheckFreeHresultLateList
                                      • String ID: File has no name.
                                      • API String ID: 916283975-3575583039
                                      • Opcode ID: eb7795e1dcf578d142d438a836cfb2de9624aeb177ae46fec53c3aea944a7d37
                                      • Instruction ID: e75c9398146e62e1b184a4239aa50e35b71ce159479ce1ae23dec956a835d523
                                      • Opcode Fuzzy Hash: eb7795e1dcf578d142d438a836cfb2de9624aeb177ae46fec53c3aea944a7d37
                                      • Instruction Fuzzy Hash: 07410FB1D013499FDB00DF99CA84A9EBBF8FF48704F10852EE60AAB251D774AA45CF54
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0044A250, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 94COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaObjSetAddref.MSVBVM60(?,?), ref: 0044A2B4
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,0000000D,00000000), ref: 0044A2EB
                                      • __vbaI4Var.MSVBVM60(00000000), ref: 0044A2F5
                                      • __vbaFreeVar.MSVBVM60 ref: 0044A301
                                      • __vbaObjSetAddref.MSVBVM60(?,00000000), ref: 0044A355
                                      • __vbaFreeObj.MSVBVM60(0044A376), ref: 0044A36F
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$AddrefFree$CallLate
                                      • String ID: /@
                                      • API String ID: 231669674-2163338593
                                      • Opcode ID: c807e5dc2181dc3f7bdbda3eae10228cdebc9da0440355ea9cffc5233c647b24
                                      • Instruction ID: 00cd864ff9445f9c1208aaa015af8a3ac5e14d469508d47bd17004cc96162655
                                      • Opcode Fuzzy Hash: c807e5dc2181dc3f7bdbda3eae10228cdebc9da0440355ea9cffc5233c647b24
                                      • Instruction Fuzzy Hash: 70414D71900209DFDB10DFA4C988EEEBBB8FF08700F14855AE51AA7650E774A941CBA5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00407337, Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 76COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaVarDup.MSVBVM60 ref: 0044FCCF
                                      • __vbaVarDup.MSVBVM60 ref: 0044FCE1
                                      • #595.MSVBVM60(?,00000000,?,?,?), ref: 0044FCF4
                                      • __vbaFreeVarList.MSVBVM60(00000004,?,?,?,?), ref: 0044FD0C
                                      • __vbaFreeStr.MSVBVM60(0044FD49), ref: 0044FD41
                                      • __vbaFreeStr.MSVBVM60 ref: 0044FD46
                                      Strings
                                      • This doesn't work properly so it is blocked by this message untill I get it right., xrefs: 0044FCD7
                                      • LINENUMBERS, xrefs: 0044FCBF
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$#595List
                                      • String ID: LINENUMBERS$This doesn't work properly so it is blocked by this message untill I get it right.
                                      • API String ID: 3909208529-9542891
                                      • Opcode ID: 657b1e1826575fd18aa4529cc535bc856d813beea1c824a721a71974eb98e86d
                                      • Instruction ID: a85ac3929466720bb2bb758c186a46e8176b6037ac2d54bed64aefb7b5021212
                                      • Opcode Fuzzy Hash: 657b1e1826575fd18aa4529cc535bc856d813beea1c824a721a71974eb98e86d
                                      • Instruction Fuzzy Hash: BB3102B1C0021DAFDB14DF99D980ADDBBB8FB48700F10C12AE416B7254DB745A09CFA5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00475CD0, Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 76COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaCastObj.MSVBVM60(?,004121D4), ref: 00475D24
                                      • __vbaObjSet.MSVBVM60(?,00000000,?,004121D4), ref: 00475D2F
                                      • __vbaObjSetAddref.MSVBVM60(?,00000000,?,004121D4), ref: 00475D37
                                      • __vbaFreeObj.MSVBVM60(?,004121D4), ref: 00475D40
                                      • __vbaLateMemSt.MSVBVM60(?,Caption), ref: 00475D86
                                      • __vbaFreeVar.MSVBVM60 ref: 00475D8F
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$AddrefCastLate
                                      • String ID: @,@$Caption
                                      • API String ID: 3309357887-4021128049
                                      • Opcode ID: 90e82421190b6d8616f4e6888b76b1d9b0431b2c2680e31faca640143ffca8dd
                                      • Instruction ID: 7180f21fbd621ae8e6f42a28e1a454c52004e9fbf78862d52e774a7a37c345a0
                                      • Opcode Fuzzy Hash: 90e82421190b6d8616f4e6888b76b1d9b0431b2c2680e31faca640143ffca8dd
                                      • Instruction Fuzzy Hash: 9431F4B5D00209EFCB14DF99CA499EEFBB8FF48700B10855AE506A7260D774A945CF94
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00451CE0, Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 61COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,00402FE6), ref: 00451D31
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,00402FE6), ref: 00451D3B
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,00402FE6), ref: 00451D45
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,00402FE6), ref: 00451D4F
                                      • __vbaFreeStrList.MSVBVM60(00000004,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00451D7C
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Copy$FreeList
                                      • String ID: \'b6$\'b6\par$\par
                                      • API String ID: 3729947984-2279492832
                                      • Opcode ID: caac908e5a3d3f227608ce63e560515ceb7f199e073f300880d9482f12885691
                                      • Instruction ID: 2a4782d3790bc85febd720e80e95c237d66ad26489bd347543c4da4b6f84521e
                                      • Opcode Fuzzy Hash: caac908e5a3d3f227608ce63e560515ceb7f199e073f300880d9482f12885691
                                      • Instruction Fuzzy Hash: 9721C9B1900109ABDB00DF99C945DEEFBBCEF94700F10856AE501B3160D7B86A4ACBA4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0047A450, Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 56COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaStrVarCopy.MSVBVM60(?), ref: 0047A4A8
                                      • __vbaStrMove.MSVBVM60 ref: 0047A4B9
                                      • #717.MSVBVM60(?,00002011,00000040,00000000), ref: 0047A4D3
                                      • __vbaStrVarMove.MSVBVM60(?), ref: 0047A4DD
                                      • __vbaStrMove.MSVBVM60 ref: 0047A4E8
                                      • __vbaFreeVar.MSVBVM60 ref: 0047A4ED
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Move$#717CopyFree
                                      • String ID: P.@$/@
                                      • API String ID: 2198252425-3863088537
                                      • Opcode ID: 6a6759121e8c7b3d9c7015381634f323a39af691d7d1bf891a279d37006fc8e0
                                      • Instruction ID: d4366a8eaf26e0a706bd3068f821054b0985ffb9e09e4c93dbba6fcc13accd10
                                      • Opcode Fuzzy Hash: 6a6759121e8c7b3d9c7015381634f323a39af691d7d1bf891a279d37006fc8e0
                                      • Instruction Fuzzy Hash: F721D8B5900209AFCB00DF95D9899DEFFB8FF88710F10812AF905A7260D7745545CBA5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0040724D, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 55COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaInStr.MSVBVM60(00000000,\fs,00000000,00000001,?,660E6C30,00000000), ref: 0044DBF8
                                      • #631.MSVBVM60(?,-00000003,?), ref: 0044DC21
                                      • __vbaStrMove.MSVBVM60(?,-00000003,?), ref: 0044DC2C
                                      • __vbaI4Str.MSVBVM60(00000000,?,-00000003,?), ref: 0044DC33
                                      • __vbaFreeStr.MSVBVM60(?,-00000003,?), ref: 0044DC3F
                                      • __vbaFreeVar.MSVBVM60(?,-00000003,?), ref: 0044DC48
                                      • __vbaObjSetAddref.MSVBVM60(?,?), ref: 0044DC7D
                                      • __vbaLateIdSt.MSVBVM60(?,00000008), ref: 0044DCA5
                                      • __vbaLateIdSt.MSVBVM60(?,00000005), ref: 0044DCCE
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,0000000F,00000000), ref: 0044DCE0
                                      • __vbaI4Var.MSVBVM60(00000000), ref: 0044DCEA
                                      • __vbaFreeVar.MSVBVM60 ref: 0044DCF6
                                      • __vbaObjSetAddref.MSVBVM60(?,00000000), ref: 0044DD02
                                      • __vbaFreeObj.MSVBVM60(0044DD3C), ref: 0044DD35
                                      • __vbaErrorOverflow.MSVBVM60(?), ref: 0044DD59
                                      • #616.MSVBVM60(?,0044EC7E), ref: 0044DDBE
                                      • __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,Function_00002FE6), ref: 0044DDC9
                                      • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,Function_00002FE6), ref: 0044DDD2
                                      • __vbaInStr.MSVBVM60(00000000,{\colortbl,?,00000001), ref: 0044DDEA
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,Function_00002FE6), ref: 0044DDFA
                                      • __vbaFreeStr.MSVBVM60(0044DE7C), ref: 0044DE75
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$Late$AddrefMove$#616#631CallCopyErrorOverflow
                                      • String ID: \fs
                                      • API String ID: 2924756133-1615651425
                                      • Opcode ID: 92f24219b17a6c7aabd3def6ee6386b5b9bee5ff2250fe94f796d4a50e38b102
                                      • Instruction ID: bc5959824232f2d1ee44ca884fe0fc278a409ad79c7d774d80af2acf8c4db74b
                                      • Opcode Fuzzy Hash: 92f24219b17a6c7aabd3def6ee6386b5b9bee5ff2250fe94f796d4a50e38b102
                                      • Instruction Fuzzy Hash: B7115EB4D11259EBDB00DF94DE48AAEBBB8FF08B00F10412AF402B3260D7785545CB99
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00407AB0, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 55COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaInStr.MSVBVM60(00000000,\fs,00000000,00000001,00401EC8,00000000,00000000), ref: 004589B8
                                      • #631.MSVBVM60(?,-00000003,?), ref: 004589E1
                                      • __vbaStrMove.MSVBVM60(?,-00000003,?), ref: 004589EC
                                      • __vbaI4Str.MSVBVM60(00000000,?,-00000003,?), ref: 004589F3
                                      • __vbaFreeStr.MSVBVM60(?,-00000003,?), ref: 004589FF
                                      • __vbaFreeVar.MSVBVM60(?,-00000003,?), ref: 00458A08
                                      • __vbaObjSetAddref.MSVBVM60(?,?), ref: 00458A3D
                                      • __vbaLateIdSt.MSVBVM60(?,00000008), ref: 00458A65
                                      • __vbaLateIdSt.MSVBVM60(?,00000005), ref: 00458A8E
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,0000000F,00000000), ref: 00458AA0
                                      • __vbaI4Var.MSVBVM60(00000000), ref: 00458AAA
                                      • __vbaFreeVar.MSVBVM60 ref: 00458AB6
                                      • __vbaObjSetAddref.MSVBVM60(?,00000000), ref: 00458AC2
                                      • __vbaFreeObj.MSVBVM60(00458AFC), ref: 00458AF5
                                      • __vbaErrorOverflow.MSVBVM60(?), ref: 00458B19
                                      • __vbaObjSetAddref.MSVBVM60(?,00080001), ref: 00458B89
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,0000000B,00000000), ref: 00458BB7
                                      • __vbaStrVarMove.MSVBVM60(00000000), ref: 00458BC1
                                      • __vbaStrMove.MSVBVM60 ref: 00458BCC
                                      • __vbaFreeVar.MSVBVM60 ref: 00458BD5
                                      • __vbaInStr.MSVBVM60(00000000,\fs,?,00000001), ref: 00458BE7
                                      • #631.MSVBVM60(?,-00000004,?), ref: 00458C25
                                      • #561.MSVBVM60(?), ref: 00458C39
                                      • __vbaFreeVarList.MSVBVM60(00000002,00000002,00000008), ref: 00458C4F
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$Late$AddrefMove$#631Call$#561ErrorListOverflow
                                      • String ID: \fs
                                      • API String ID: 2031022467-1615651425
                                      • Opcode ID: f9034962855b7306a02f74b33a5951a4276a144590ed47ff65d46966d78197b6
                                      • Instruction ID: cfaa22b7210414bd557d5583ad8465d3a7eb3afab688a68fae3805f30d5a7f5c
                                      • Opcode Fuzzy Hash: f9034962855b7306a02f74b33a5951a4276a144590ed47ff65d46966d78197b6
                                      • Instruction Fuzzy Hash: 84111FB5911259EBCB00DF94DD49AAEBB78FF08B01F10411AF801B3265DB785945CB99
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00441B10, Relevance: 13.7, APIs: 9, Instructions: 210COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaNew2.MSVBVM60(00409374,00482070), ref: 00441B83
                                      • __vbaNew2.MSVBVM60(0040A560,00482084), ref: 00441C00
                                      • __vbaNew2.MSVBVM60(00407470,00482028), ref: 00441C7D
                                      • __vbaNew2.MSVBVM60(00407470,00482028), ref: 00441CB8
                                      • __vbaNew2.MSVBVM60(00407470,00482028), ref: 00441CED
                                      • __vbaNew2.MSVBVM60(00407470,00482028), ref: 00441D22
                                      • __vbaNew2.MSVBVM60(00407470,00482028), ref: 00441D5B
                                      • __vbaNew2.MSVBVM60(00407470,00482028), ref: 00441D90
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,0041124C,000002B0), ref: 00441DB5
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$New2$CheckHresult
                                      • String ID:
                                      • API String ID: 853451746-0
                                      • Opcode ID: 87c6488f3315af664f04d03fa1677b149743bc62e9a1f20a30d2b39e7eb44c6c
                                      • Instruction ID: 62b7c30b44ca03a5c4e411e80b86dac60a08743c0f531b9c384f8936e1b53121
                                      • Opcode Fuzzy Hash: 87c6488f3315af664f04d03fa1677b149743bc62e9a1f20a30d2b39e7eb44c6c
                                      • Instruction Fuzzy Hash: 988172B4E40200EFDB01DF58D985E99BBB4FB09711F20467FEA45A72A0C3B46885CB99
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0045C2E0, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 151COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaFreeVarList.MSVBVM60(00000002,?,?), ref: 0045C366
                                      • __vbaFreeVarList.MSVBVM60(00000002,?,?), ref: 0045C3AA
                                      • __vbaFreeVarList.MSVBVM60(00000002,?,?), ref: 0045C3EE
                                      • __vbaFreeVarList.MSVBVM60(00000002,?,?), ref: 0045C432
                                      • __vbaFreeVarList.MSVBVM60(00000002,?,?), ref: 0045C476
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: FreeList__vba
                                      • String ID: @!@$/@
                                      • API String ID: 1648240596-2476891460
                                      • Opcode ID: 6a67b6859b00e935e633fde5df1e893b65ce5286035f8cac76390ef3a7772950
                                      • Instruction ID: ac7c31814304f12509571717ecc57a3efcacb03e1aa260d22c1e8782a7249f7f
                                      • Opcode Fuzzy Hash: 6a67b6859b00e935e633fde5df1e893b65ce5286035f8cac76390ef3a7772950
                                      • Instruction Fuzzy Hash: EE51BBB1C01209AFDB04CF95D984AEEFBB9FF48304F20855AE505A7241D7B56E09CF64
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 004696D0, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 82COMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$FreeMove$CopyList
                                      • String ID: /@
                                      • API String ID: 191085532-2163338593
                                      • Opcode ID: 4cf8ff37113a68e1737c17797e6b8f477d0993616f49c1f67cf52cb601e3f6d9
                                      • Instruction ID: 9e20471f4807cc645a42901d6b3b960058d9a904603c446e98ab1edb033be880
                                      • Opcode Fuzzy Hash: 4cf8ff37113a68e1737c17797e6b8f477d0993616f49c1f67cf52cb601e3f6d9
                                      • Instruction Fuzzy Hash: 303181B5900209AFCB01DF95C9849EEFBB8FF98304F14815AE805A3250D774694ACF65
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00468E70, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 81COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaObjSetAddref.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00468EB1
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00410D9C,000001EC), ref: 00468EFA
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00410D9C,00000158), ref: 00468F25
                                      • __vbaGenerateBoundsError.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00468F34
                                      • __vbaObjSetAddref.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00468F4E
                                      • __vbaFreeObj.MSVBVM60(00468F5F,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00468F58
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$AddrefCheckHresult$BoundsErrorFreeGenerate
                                      • String ID: /@
                                      • API String ID: 1672093406-2163338593
                                      • Opcode ID: 6b7f351cdc849e4dd1607ff44eb852ef908343a76da6519ea7e7f72d921b3967
                                      • Instruction ID: 1c93b306e9d61a187f6416ae02f8afaa763b71b6a463aaaec1e86a27da885eb4
                                      • Opcode Fuzzy Hash: 6b7f351cdc849e4dd1607ff44eb852ef908343a76da6519ea7e7f72d921b3967
                                      • Instruction Fuzzy Hash: 1C314FB4A10204EFCB04EFA4DD85EAEB7B9FB49700F108169F905AB390D774AC45CBA5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0044F030, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 72COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaObjSetAddref.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0044F088
                                      • #560.MSVBVM60(?), ref: 0044F09F
                                      • __vbaCastObj.MSVBVM60(?,00410D8C), ref: 0044F0B0
                                      • __vbaObjSet.MSVBVM60(0040198C,00000000), ref: 0044F0B8
                                      • __vbaFreeObj.MSVBVM60 ref: 0044F0C1
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$#560AddrefCastFree
                                      • String ID: @$/@
                                      • API String ID: 2766336227-3834178663
                                      • Opcode ID: a399d410e47c7440dfe356d77acbd108b86eb041a196b348ad0b5d12e61f449b
                                      • Instruction ID: 823782167ac9b0f581ddcbe72d743d0f4349c595ea7259c7bc6caf8c873dd33f
                                      • Opcode Fuzzy Hash: a399d410e47c7440dfe356d77acbd108b86eb041a196b348ad0b5d12e61f449b
                                      • Instruction Fuzzy Hash: 4E216F70500649EFC710DFA4C989EEBBBB8FF48704F148419F546A3651C7746946CFA4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00452180, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 66COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaStrCopy.MSVBVM60 ref: 004521D1
                                      • __vbaVarDup.MSVBVM60 ref: 00452201
                                      • #595.MSVBVM60(?,00000000,?,?,?), ref: 00452225
                                      • __vbaFreeVarList.MSVBVM60(00000003,?,?,?), ref: 00452239
                                      • __vbaFreeStr.MSVBVM60(0045226B), ref: 00452264
                                      Strings
                                      • ClsRTFFontPainter, xrefs: 004521F3
                                      • Not settled enough for a hard coded description yet. You'll have to read the code itself. This class is behind the Panels on the F, xrefs: 004521B7
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$#595CopyList
                                      • String ID: ClsRTFFontPainter$Not settled enough for a hard coded description yet. You'll have to read the code itself. This class is behind the Panels on the F
                                      • API String ID: 3763723777-3232124887
                                      • Opcode ID: 4ce65b08659661c3944ef8a42714de9719f501fbbb2bf700fd279ba92e61476c
                                      • Instruction ID: 5dd5c6eae34bf300ca5a2ada184bcb2c081e1bbb658af26a511d27a0d1eb18fb
                                      • Opcode Fuzzy Hash: 4ce65b08659661c3944ef8a42714de9719f501fbbb2bf700fd279ba92e61476c
                                      • Instruction Fuzzy Hash: 2D21E2B1C00219AFDB00DFC8D985ADEBFB8FB48700F10811AF506B7250E7B42689CB94
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 004484C0, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 66COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaStrCopy.MSVBVM60 ref: 00448511
                                      • __vbaVarDup.MSVBVM60 ref: 00448541
                                      • #595.MSVBVM60(?,00000000,?,?,?), ref: 00448565
                                      • __vbaFreeVarList.MSVBVM60(00000003,?,?,?), ref: 00448579
                                      • __vbaFreeStr.MSVBVM60(004485AB), ref: 004485A4
                                      Strings
                                      • clsExtendedRTF, xrefs: 00448533
                                      • Not settled enough for a hard coded description yet. You'll have to read the code itself. This was the original submission, I have, xrefs: 004484F7
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$#595CopyList
                                      • String ID: Not settled enough for a hard coded description yet. You'll have to read the code itself. This was the original submission, I have$clsExtendedRTF
                                      • API String ID: 3763723777-2340155639
                                      • Opcode ID: 72c937ddb215f1839b9509da2dc4f471244fd8c1220e33695b5a014be6775307
                                      • Instruction ID: 6f4383d0531b8a4eff6057c2656ae695437af4cda70a4fb0a44f66f980d26a3c
                                      • Opcode Fuzzy Hash: 72c937ddb215f1839b9509da2dc4f471244fd8c1220e33695b5a014be6775307
                                      • Instruction Fuzzy Hash: 5621E2B1C00259AFDB04DFD8D985ADEBFB8FF48700F10811AE506B7250E7B41589CB95
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0040725A, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 59COMMON
                                      Download Yara Rule
                                      APIs
                                      • #616.MSVBVM60(?,0044EC7E), ref: 0044DDBE
                                      • __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,Function_00002FE6), ref: 0044DDC9
                                      • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,Function_00002FE6), ref: 0044DDD2
                                      • __vbaInStr.MSVBVM60(00000000,{\colortbl,?,00000001), ref: 0044DDEA
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,Function_00002FE6), ref: 0044DDFA
                                      • __vbaInStr.MSVBVM60(00000000,00412B58,?,00000000), ref: 0044DE12
                                      • __vbaInStr.MSVBVM60(00000000,00412B64,?,00000000), ref: 0044DE22
                                      • #631.MSVBVM60(?,00000000,?), ref: 0044DE41
                                      • __vbaStrMove.MSVBVM60 ref: 0044DE4C
                                      • __vbaFreeStr.MSVBVM60(0044DE7C), ref: 0044DE75
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$FreeMove$#616#631Copy
                                      • String ID: {\colortbl
                                      • API String ID: 2313960317-3213532255
                                      • Opcode ID: cc2e7f0fe2dc39ed41a4062a1743ca682bf84e8a3107c149254f1cabf17f53e7
                                      • Instruction ID: 89fbe118abfc5b10a3b93624033e93f159e96b62f168f902a4b560fe01a813a2
                                      • Opcode Fuzzy Hash: cc2e7f0fe2dc39ed41a4062a1743ca682bf84e8a3107c149254f1cabf17f53e7
                                      • Instruction Fuzzy Hash: D721F9B5900208AFDB00EFA5C9849EEBBB8FB58710F14852AE806B7260D7786945CB94
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00407B18, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 59COMMON
                                      Download Yara Rule
                                      APIs
                                      • #616.MSVBVM60(?,00459EAF), ref: 004597EB
                                      • __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,Function_00002FE6), ref: 004597F6
                                      • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,Function_00002FE6), ref: 004597FF
                                      • __vbaInStr.MSVBVM60(00000000,{\fonttbl,?,00000001), ref: 00459817
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,Function_00002FE6), ref: 00459827
                                      • __vbaInStr.MSVBVM60(00000000,00412B58,?,00000000), ref: 0045983F
                                      • __vbaInStr.MSVBVM60(00000000,00412B64,?,00000000), ref: 0045984F
                                      • #631.MSVBVM60(?,00000000,?), ref: 0045986E
                                      • __vbaStrMove.MSVBVM60 ref: 00459879
                                      • __vbaFreeStr.MSVBVM60(004598A9), ref: 004598A2
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$FreeMove$#616#631Copy
                                      • String ID: {\fonttbl
                                      • API String ID: 2313960317-98201922
                                      • Opcode ID: 4d8b89eac8cc753ebaf0b4f6c6a2f089a96daa68e1ba9064cb47e8dfd6ec6e38
                                      • Instruction ID: 94f542b82b2b10a64ea98cd995a054e1efa3eec87fb879a894bf41d40108afcf
                                      • Opcode Fuzzy Hash: 4d8b89eac8cc753ebaf0b4f6c6a2f089a96daa68e1ba9064cb47e8dfd6ec6e38
                                      • Instruction Fuzzy Hash: C721F7B5900209EFDB14EF95C9859EEBBB8FF48710F14852EF906B3290D7786845CB94
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00468D90, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 59COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaVarVargNofree.MSVBVM60 ref: 00468DDE
                                      • __vbaVarTstLt.MSVBVM60(00008003,00000000), ref: 00468DE5
                                      • __vbaVargVarMove.MSVBVM60 ref: 00468E01
                                      • __vbaVarVargNofree.MSVBVM60 ref: 00468E1B
                                      • __vbaVarTstGt.MSVBVM60(00008003,00000000), ref: 00468E22
                                      • __vbaVargVarMove.MSVBVM60 ref: 00468E3E
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Varg$MoveNofree
                                      • String ID: /@
                                      • API String ID: 1058442765-2163338593
                                      • Opcode ID: c61868a55d1f509b1734d03d8867b04dbf562fd8226ff4bb8fd5c72b4fad786e
                                      • Instruction ID: a51ed925f7ee84cf7e3947937c874604f808370d7aecaf3c59135071354f8b0a
                                      • Opcode Fuzzy Hash: c61868a55d1f509b1734d03d8867b04dbf562fd8226ff4bb8fd5c72b4fad786e
                                      • Instruction Fuzzy Hash: 39211AB9910219EFCB04DF94DD88ADEBBB8FB4C740F14451AE902B3350DB74A905CBA5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 004658D0, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 39COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaVarVargNofree.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0046590F
                                      • __vbaVarCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00465916
                                      • __vbaVarVargNofree.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00465924
                                      • __vbaVargVarCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00465930
                                      • __vbaVargVarCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00465937
                                      • __vbaFreeVar.MSVBVM60(00465948,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00465941
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Varg$Copy$Nofree$Free
                                      • String ID: /@
                                      • API String ID: 4045588064-2163338593
                                      • Opcode ID: 172f5a302b930eb4c2fe3ef370d12d288168a4513763d47e2733347ee171a3c4
                                      • Instruction ID: f11be6fb266a3b2828dc5539dcf9a4c2e3dbd52b17a61888402de44dbfde8c82
                                      • Opcode Fuzzy Hash: 172f5a302b930eb4c2fe3ef370d12d288168a4513763d47e2733347ee171a3c4
                                      • Instruction Fuzzy Hash: 9A01EC75E102689BCF04DF64DD84A9EBBB9FB58750F10442AE802B3364EB78A905CB94
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00451B80, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 39COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaVarVargNofree.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00451BBF
                                      • __vbaVarCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00451BC6
                                      • __vbaVarVargNofree.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00451BD4
                                      • __vbaVargVarCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00451BE0
                                      • __vbaVargVarCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00451BE7
                                      • __vbaFreeVar.MSVBVM60(00451BF8,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00451BF1
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Varg$Copy$Nofree$Free
                                      • String ID: /@
                                      • API String ID: 4045588064-2163338593
                                      • Opcode ID: 07ea662e6d2c0598291cae81550603251cf624f5015777afe569b6c89bddefa5
                                      • Instruction ID: f3b9fb9e56038e291ae1d5f3734bafff3c5e41470c03e81233d58de1be8f2e6f
                                      • Opcode Fuzzy Hash: 07ea662e6d2c0598291cae81550603251cf624f5015777afe569b6c89bddefa5
                                      • Instruction Fuzzy Hash: BC014F75E102589BCF00DF64DD84A8EBBB8FF58700F10442AE802B3364EB78A905CB94
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00479990, Relevance: 12.1, APIs: 8, Instructions: 82COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaObjSet.MSVBVM60(00000000,00000000), ref: 004799E5
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00419234,0000005C), ref: 00479A04
                                      • __vbaFreeObj.MSVBVM60 ref: 00479A13
                                      • __vbaNew2.MSVBVM60(00411FE4,00482EE8), ref: 00479A28
                                      • __vbaNew2.MSVBVM60(00406AD0,004820C0), ref: 00479A47
                                      • __vbaObjSetAddref.MSVBVM60(00000000,00000000), ref: 00479A5A
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00411FD4,00000010), ref: 00479A74
                                      • __vbaFreeObj.MSVBVM60 ref: 00479A7D
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$CheckFreeHresultNew2$Addref
                                      • String ID:
                                      • API String ID: 697168367-0
                                      • Opcode ID: 936c60b893acb9c8e31e78c9b9d5df7fb287d091f498fa8cc59cb596534bbcf5
                                      • Instruction ID: ddf88438fc00ce6633a05153a3657479e38a05ad0ee5189bd49960d48c8faa04
                                      • Opcode Fuzzy Hash: 936c60b893acb9c8e31e78c9b9d5df7fb287d091f498fa8cc59cb596534bbcf5
                                      • Instruction Fuzzy Hash: 69218275A01205ABDB10DF65CE49FEA7BB8FF05704F10846AF941E32A0D7B89941CBA8
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0044CB20, Relevance: 12.1, APIs: 8, Instructions: 77COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,004017E0,00410EB8,00000088), ref: 0044CB76
                                      • __vbaLateIdSt.MSVBVM60(0044D2C0,FFFFFDFB), ref: 0044CBA5
                                      • __vbaStrCat.MSVBVM60(00412B64,0044D45B), ref: 0044CBBA
                                      • __vbaStrMove.MSVBVM60 ref: 0044CBC7
                                      • __vbaStrCat.MSVBVM60(00080005,00000000), ref: 0044CBCE
                                      • __vbaStrMove.MSVBVM60 ref: 0044CBD5
                                      • __vbaStrCopy.MSVBVM60 ref: 0044CBDC
                                      • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 0044CBEC
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Move$CheckCopyFreeHresultLateList
                                      • String ID:
                                      • API String ID: 3162771070-0
                                      • Opcode ID: d4309bb949932e18dcbef65975a0b5b4fbf52872495c4db7f58741f2c5c44797
                                      • Instruction ID: 592f31e7641fb501d5a0e9210ccde79ca026b5030e10c2f243af8df66cf4f5d2
                                      • Opcode Fuzzy Hash: d4309bb949932e18dcbef65975a0b5b4fbf52872495c4db7f58741f2c5c44797
                                      • Instruction Fuzzy Hash: 9C2151759002059FD700DF69C9899ABFBF8FF58700F10856AF545E7260DA74A841CF94
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00452E00, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 181COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 00452F14
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 00452F28
                                      • __vbaAryDestruct.MSVBVM60(00000000,?,00452F95), ref: 00452F8E
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$BoundsErrorGenerate$Destruct
                                      • String ID: /@
                                      • API String ID: 418734003-2163338593
                                      • Opcode ID: 8ecf46a93cc6bb82b98b7ca6a6ce0581076e2ade0c4ece7567b5d23c2e9c7472
                                      • Instruction ID: a1aa4dd592d1c272b4eb7861c8d2d02c16a471521979a7d695a8816113fc7b1d
                                      • Opcode Fuzzy Hash: 8ecf46a93cc6bb82b98b7ca6a6ce0581076e2ade0c4ece7567b5d23c2e9c7472
                                      • Instruction Fuzzy Hash: AD71D1B5D00209AFCB04CF99D984ADEFBF9FF98300F20811AE915A7254D7B4A945CFA4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00407D2D, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 158COMMON
                                      Download Yara Rule
                                      APIs
                                      • _adj_fdiv_m64.MSVBVM60(?,?), ref: 0045DC00
                                      • __vbaFpI4.MSVBVM60(?,?), ref: 0045DC0F
                                      • _adj_fdiv_m64.MSVBVM60 ref: 0045DC71
                                      • __vbaR8IntI2.MSVBVM60 ref: 0045DC80
                                      • __vbaFreeVar.MSVBVM60 ref: 0045DC8C
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 0045DCED
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 0045DD01
                                      • __vbaAryDestruct.MSVBVM60(00000000,?,0045DD6F), ref: 0045DD68
                                      • __vbaErrorOverflow.MSVBVM60 ref: 0045DD93
                                      • __vbaStrCopy.MSVBVM60 ref: 0045DE6B
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00402280,00411700,0000003C), ref: 0045DE8C
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 0045DEAE
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Error$BoundsGenerate$_adj_fdiv_m64$CheckCopyDestructFreeHresultOverflow
                                      • String ID: X"@$gfff
                                      • API String ID: 625643667-4245154915
                                      • Opcode ID: 47c241569947c64ead23965dafa7dd188d4c24932fdb229f6e7b5c69baa985b8
                                      • Instruction ID: ddf1d5c77153956137a627e58294e020d5128f5d52c90a054a3a69b97380ed7f
                                      • Opcode Fuzzy Hash: 47c241569947c64ead23965dafa7dd188d4c24932fdb229f6e7b5c69baa985b8
                                      • Instruction Fuzzy Hash: C261E2B0D00209DFDB24CFA9DA84AEEBBB5FF48301F20816EE809A7245D7755A49CF55
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00460880, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 147COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 0046092B
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 00460940
                                      • __vbaAryDestruct.MSVBVM60(00000000,?,004609A8), ref: 004609A1
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$BoundsErrorGenerate$Destruct
                                      • String ID: /@
                                      • API String ID: 418734003-2163338593
                                      • Opcode ID: 151128db5954bcbde685873a2d0663f7657814f87f5de0fe9586446d7ae77220
                                      • Instruction ID: b5ec5c2f137804143f839370561d9074c38719ed049ecc97aeb820b4f6ea732a
                                      • Opcode Fuzzy Hash: 151128db5954bcbde685873a2d0663f7657814f87f5de0fe9586446d7ae77220
                                      • Instruction Fuzzy Hash: 2951F6B5D00209AFDB04DF99C984AAEFBF9FF88300F10855AE405A7350E774A946CF95
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 004679B0, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 116COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaStrI4.MSVBVM60(?), ref: 00467A57
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,004028C8,0041202C,00000048), ref: 00467A78
                                      • __vbaStrMove.MSVBVM60 ref: 00467A87
                                      • __vbaStrMove.MSVBVM60 ref: 00467AC6
                                      • __vbaFreeStr.MSVBVM60(00467AF6), ref: 00467AEF
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Move$CheckFreeHresult
                                      • String ID: /@
                                      • API String ID: 794015416-2163338593
                                      • Opcode ID: af656a104ccb5f12058577ac665c8db61b9fffb96b98eddb9d418f63e41a6150
                                      • Instruction ID: e0cc27e7af7c0e7a36eca982d6f86270c0aafebffed14818a4848c708f270a0c
                                      • Opcode Fuzzy Hash: af656a104ccb5f12058577ac665c8db61b9fffb96b98eddb9d418f63e41a6150
                                      • Instruction Fuzzy Hash: AB41D3B4901209EFCB14DF95D984DEEFBB9FF58304F20811AF911A3250E778AA45CBA5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00407D3A, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 108COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaStrCopy.MSVBVM60 ref: 0045DE6B
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00402280,00411700,0000003C), ref: 0045DE8C
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 0045DEAE
                                      • __vbaFreeStr.MSVBVM60 ref: 0045DED5
                                      • #593.MSVBVM60(?), ref: 0045DEFE
                                      • #593.MSVBVM60(?), ref: 0045DF14
                                      • __vbaR8IntI4.MSVBVM60 ref: 0045DF36
                                      • __vbaR8IntI2.MSVBVM60 ref: 0045DF55
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 0045DF92
                                      • __vbaFreeVarList.MSVBVM60(00000002,?,?), ref: 0045DFC3
                                      • __vbaAryDestruct.MSVBVM60(00000000,?,0045E19A), ref: 0045E193
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$#593BoundsErrorFreeGenerate$CheckCopyDestructHresultList
                                      • String ID: X"@$random
                                      • API String ID: 3729814461-1356374267
                                      • Opcode ID: 431f0b041ea96d9491937f616a399550ad7ee01def58ba4e16ed2d17dc3fcb5d
                                      • Instruction ID: c57738f9c11b1a799fb9b949a45690576e42a867d32317a62f7b3179ab597718
                                      • Opcode Fuzzy Hash: 431f0b041ea96d9491937f616a399550ad7ee01def58ba4e16ed2d17dc3fcb5d
                                      • Instruction Fuzzy Hash: 5D4136B0D00219DFCB14CF99C984AEEFBB9FF98301F20815AE805A7251D7745946CF64
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00444400, Relevance: 10.6, APIs: 7, Instructions: 79COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 00444465
                                      • __vbaLateIdCallLd.MSVBVM60(?,00000000), ref: 0044446C
                                      • __vbaVarNot.MSVBVM60(?,00000000), ref: 0044447A
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 004444AB
                                      • __vbaLateIdSt.MSVBVM60(00000000), ref: 004444AE
                                      • __vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 004444BE
                                      • __vbaFreeVar.MSVBVM60 ref: 004444CA
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$FreeLate$CallList
                                      • String ID:
                                      • API String ID: 3951274441-0
                                      • Opcode ID: ff48fdc8c53f2cc322d822baa7f85fe42ef7e56c1fcdf1eaf223e2ab0540fa80
                                      • Instruction ID: ef649f6194a4836caf99b54b2d406b539d68e17c2b9fa6bbfef619b072f29418
                                      • Opcode Fuzzy Hash: ff48fdc8c53f2cc322d822baa7f85fe42ef7e56c1fcdf1eaf223e2ab0540fa80
                                      • Instruction Fuzzy Hash: 35314CB5900209AFD700DFA9C989EAABBBCFF88704F10C15AF505A7261D7759902CFA0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0040786A, Relevance: 10.6, APIs: 7, Instructions: 72COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaRefVarAry.MSVBVM60(?,?,00000000,-00000001), ref: 00452886
                                      • __vbaUbound.MSVBVM60(00000001), ref: 0045288D
                                      • __vbaRefVarAry.MSVBVM60(?), ref: 0045289F
                                      • __vbaLbound.MSVBVM60(00000001,?), ref: 004528A6
                                      • __vbaFreeVarList.MSVBVM60(00000002,?,?), ref: 004528D1
                                      • __vbaVarVargNofree.MSVBVM60 ref: 004528DF
                                      • __vbaVarCopy.MSVBVM60 ref: 004528EA
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$CopyFreeLboundListNofreeUboundVarg
                                      • String ID:
                                      • API String ID: 572501164-0
                                      • Opcode ID: f6146407f6bbe443b045f93fbb9e989dfd8faa199c912c4101563fff00c19836
                                      • Instruction ID: 3934fa46192e8903cfdb1c22acbd545276c8ce5ceb5d43ffe1f488d6fdc09e27
                                      • Opcode Fuzzy Hash: f6146407f6bbe443b045f93fbb9e989dfd8faa199c912c4101563fff00c19836
                                      • Instruction Fuzzy Hash: AF212FB0901208AFDB00DFA5DA49AEEBBF9FF49700F10802AF805E7261D6745A06CF55
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 004725E0, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 69COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaNew2.MSVBVM60(00411FE4,00482EE8,?,?,?,?,?,?,?,?,00402FE6), ref: 00472652
                                      • __vbaNew2.MSVBVM60(00409374,00482070,?,?,?,?,?,?,?,?,00402FE6), ref: 00472671
                                      • __vbaObjSetAddref.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,00402FE6), ref: 00472684
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00411FD4,00000010,?,?,?,?,?,?,?,?,00402FE6), ref: 0047269E
                                      • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,00402FE6), ref: 004726A7
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$New2$AddrefCheckFreeHresult
                                      • String ID: `+@
                                      • API String ID: 1804898356-3074076363
                                      • Opcode ID: 88322dce83d24ee887efeea2ae4263f0219d9074882f54028b9d9d979cff9705
                                      • Instruction ID: 218d6314d1cbbeff63bcafdad59623206f0b144a797652e90f769c19a45dfff4
                                      • Opcode Fuzzy Hash: 88322dce83d24ee887efeea2ae4263f0219d9074882f54028b9d9d979cff9705
                                      • Instruction Fuzzy Hash: C2215E75940205EFCB10DF65CE49AAEBBB9FB54700F20855BF945A32A0C3B86981CB98
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0046BEA0, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 69COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaNew2.MSVBVM60(00411FE4,00482EE8,?,?,?,?,?,?,?,?,00402FE6), ref: 0046BF12
                                      • __vbaNew2.MSVBVM60(0040A560,00482084,?,?,?,?,?,?,?,?,00402FE6), ref: 0046BF31
                                      • __vbaObjSetAddref.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,00402FE6), ref: 0046BF44
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00411FD4,00000010,?,?,?,?,?,?,?,?,00402FE6), ref: 0046BF5E
                                      • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,00402FE6), ref: 0046BF67
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$New2$AddrefCheckFreeHresult
                                      • String ID: X*@
                                      • API String ID: 1804898356-2220436386
                                      • Opcode ID: 77b87ebaaa5e6bbc3c534bcb92d2f092e875eba5b187dd672007898815e73533
                                      • Instruction ID: 275acdaf9c8351ca23d5f7d40ce8c0f0f21ca56f5ebe1dd22d6ff2ab05daec40
                                      • Opcode Fuzzy Hash: 77b87ebaaa5e6bbc3c534bcb92d2f092e875eba5b187dd672007898815e73533
                                      • Instruction Fuzzy Hash: E8216075940209EBCB10DF54CE499AF7BB8FB44740F10855AF551E72A0D3B85981CFD9
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 004585B0, Relevance: 10.6, APIs: 7, Instructions: 68COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaVarIndexLoad.MSVBVM60(?,?,00000001), ref: 00458623
                                      • __vbaStrErrVarCopy.MSVBVM60(00000000), ref: 0045862D
                                      • __vbaStrMove.MSVBVM60 ref: 00458638
                                      • __vbaFreeStr.MSVBVM60 ref: 00458658
                                      • __vbaFreeVar.MSVBVM60 ref: 00458661
                                      • __vbaFreeVar.MSVBVM60(00458694), ref: 00458684
                                      • __vbaFreeStr.MSVBVM60 ref: 0045868D
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$CopyIndexLoadMove
                                      • String ID:
                                      • API String ID: 546951927-0
                                      • Opcode ID: 9d21f0b1ad57f05180caeb61569ea8b1ea443ddac40bb65eea9051d8bf8febff
                                      • Instruction ID: 09aaf0bf518b0aeca9ea32b71cd8f0ca17d179e1ee703d41e9990ca625e5cdb6
                                      • Opcode Fuzzy Hash: 9d21f0b1ad57f05180caeb61569ea8b1ea443ddac40bb65eea9051d8bf8febff
                                      • Instruction Fuzzy Hash: 6421E871D00209DFCB04DFA8D9489EDBBB8FF58705F14816AE406B7261DB746906CFA4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00407C43, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 59COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaStrCopy.MSVBVM60(?,00000000,@ @), ref: 0045B376
                                      • __vbaStrCopy.MSVBVM60(?,00000000,@ @), ref: 0045B380
                                      • __vbaStrMove.MSVBVM60(?,00000000,@ @), ref: 0045B3A4
                                      • __vbaFreeStrList.MSVBVM60(00000002,?,?,?,00000000,@ @), ref: 0045B3B4
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Copy$FreeListMove
                                      • String ID: @ @$user
                                      • API String ID: 835628258-348958437
                                      • Opcode ID: 5b426ad55c8ef4b349ca34ca6c0405c5fc536f1877aa32ea386068ca67431ec7
                                      • Instruction ID: dad3a2c3fd1210e7eb4a887f3a8a7a493f08215c95d18c3025b1f7f7f9ed89f3
                                      • Opcode Fuzzy Hash: 5b426ad55c8ef4b349ca34ca6c0405c5fc536f1877aa32ea386068ca67431ec7
                                      • Instruction Fuzzy Hash: B821087490020AAFCB01DF95C9859EEFBF8FF58704F10816AE815B3251D7786A0ACBA5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0040792A, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 58COMMON
                                      Download Yara Rule
                                      APIs
                                      • #517.MSVBVM60(00000000), ref: 00454211
                                      • __vbaStrMove.MSVBVM60 ref: 00454225
                                      • __vbaStrCmp.MSVBVM60(beige,?), ref: 00454239
                                      • __vbaStrCmp.MSVBVM60(mauve,?), ref: 0045425C
                                      • #588.MSVBVM60(000000AF,000000AF,000000AF), ref: 00454529
                                      • __vbaFreeStr.MSVBVM60(00454577), ref: 00454570
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$#517#588FreeMove
                                      • String ID: beige
                                      • API String ID: 1124915815-2034912281
                                      • Opcode ID: f949156fa1893b528ba281987b5b760618e5271566045c1db03ef5e48befa853
                                      • Instruction ID: 639e1ddc0215070dcd6b18824eb297a2cd5741b00dd8a6a0100ff6f4ae8a0bdf
                                      • Opcode Fuzzy Hash: f949156fa1893b528ba281987b5b760618e5271566045c1db03ef5e48befa853
                                      • Instruction Fuzzy Hash: CC2138B0D01208AFDB10CF55CA44B9DFBF8BF94700F20416BE905A7260D7B45985CF49
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 004769C0, Relevance: 10.6, APIs: 7, Instructions: 56fileCOMMON
                                      Download Yara Rule
                                      APIs
                                      • #648.MSVBVM60(?), ref: 00476A02
                                      • __vbaFreeVar.MSVBVM60 ref: 00476A0D
                                      • __vbaFileOpen.MSVBVM60(00000002,000000FF,00000000,00000000), ref: 00476A29
                                      • __vbaFreeStr.MSVBVM60 ref: 00476A38
                                      • __vbaPrintFile.MSVBVM60(00414028,00000000,00000000), ref: 00476A4E
                                      • __vbaFreeStr.MSVBVM60 ref: 00476A5A
                                      • __vbaFileClose.MSVBVM60(00000000), ref: 00476A5D
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$FileFree$#648CloseOpenPrint
                                      • String ID:
                                      • API String ID: 3833946321-0
                                      • Opcode ID: c3f88379958d2b0b6c8c5ff239996c61d0b2ac6ddf45debc16322dca3fb8285b
                                      • Instruction ID: 2cd57988c493ad624744b4911952057b136fe85c43ab2ce3b03b33561fe899f3
                                      • Opcode Fuzzy Hash: c3f88379958d2b0b6c8c5ff239996c61d0b2ac6ddf45debc16322dca3fb8285b
                                      • Instruction Fuzzy Hash: 99110D7490020AAFDB00DFA4DD89EAEBB78FF49754F108119F915B22A0D7785906CBA9
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 004758F0, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 51COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaCastObj.MSVBVM60(?,004121D4,?,?,?,?,?,?,00402FE6), ref: 00475941
                                      • __vbaObjSet.MSVBVM60(?,00000000,?,004121D4,?,?,?,?,?,?,00402FE6), ref: 00475948
                                      • __vbaCastObj.MSVBVM60(?,00411E5C,?,004121D4,?,?,?,?,?,?,00402FE6), ref: 00475968
                                      • __vbaObjSet.MSVBVM60(?,00000000,?,004121D4,?,?,?,?,?,?,00402FE6), ref: 0047596C
                                      • __vbaFreeObj.MSVBVM60(?,004121D4,?,?,?,?,?,?,00402FE6), ref: 00475975
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Cast$Free
                                      • String ID: ,@
                                      • API String ID: 1002291735-2296493516
                                      • Opcode ID: afd26a2afef86df918b61d6b09d185a77aba9964fa6d0c5946c11f3a47c4b589
                                      • Instruction ID: a52fed13e6fae3bed5eb0995472d4207fa27410232aefac83c88b35f3462044f
                                      • Opcode Fuzzy Hash: afd26a2afef86df918b61d6b09d185a77aba9964fa6d0c5946c11f3a47c4b589
                                      • Instruction Fuzzy Hash: 2B1106B5900209EFDB00DF99C989EEEFBBCEF48700F10841AF605A7260D6B869418F94
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 004512A0, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaVarDup.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 004512E6
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 004512F4
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00401AF0,00410EB8,00000060,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00451315
                                      • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0045131E
                                      • __vbaFreeVar.MSVBVM60(0045133F,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00451338
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$CheckCopyHresult
                                      • String ID: \dbquote
                                      • API String ID: 4185434182-4030579630
                                      • Opcode ID: d4aedfd4298454e181a5e6ba649c1978e869cc1c732ea098cf19b490a6ab7b90
                                      • Instruction ID: 29e75fc53af18ec63718c9ab7d5d373d17f0885945ff0fa4899a8936d6487269
                                      • Opcode Fuzzy Hash: d4aedfd4298454e181a5e6ba649c1978e869cc1c732ea098cf19b490a6ab7b90
                                      • Instruction Fuzzy Hash: F0113A71900208AFCB00DF95CA48AEEBBB8FF58705F10845AF802B2264D7745A45CB69
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00451520, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaVarDup.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00451566
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00451574
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00401B20,00410EB8,00000060,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00451595
                                      • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0045159E
                                      • __vbaFreeVar.MSVBVM60(004515BF,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 004515B8
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$CheckCopyHresult
                                      • String ID: \squote
                                      • API String ID: 4185434182-1509695291
                                      • Opcode ID: ac3080e9a0764d48e4920b799dfe73e1afc6dbc8c285387e26410732d943e140
                                      • Instruction ID: c907ad992ced6c4c4384b7fd2e0ed88629a08200cb35db22ad11cb83849dcbec
                                      • Opcode Fuzzy Hash: ac3080e9a0764d48e4920b799dfe73e1afc6dbc8c285387e26410732d943e140
                                      • Instruction Fuzzy Hash: 41111C71900209EFCB00DF95CA49AEEBBB8FF58745F10845AF402B3260D7745A49CF68
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00456600, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 44COMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$#529#645BstrFreeMove
                                      • String ID: /@
                                      • API String ID: 3789665886-2163338593
                                      • Opcode ID: e57f33e5b5483fc910861199ec17d3540451c30260f1bd438e67af87b63ac2d9
                                      • Instruction ID: 5dd93c89604a1ff269bec780e7ecf8ca749d45a48e47e2c9ac800ff20936e55e
                                      • Opcode Fuzzy Hash: e57f33e5b5483fc910861199ec17d3540451c30260f1bd438e67af87b63ac2d9
                                      • Instruction Fuzzy Hash: 490144759012089BCB10DFA4CE49BDEBBF8EB14701F50416AE902B3251D7782E04CBA9
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 004638B0, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 43COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 004638F8
                                      • __vbaBoolVar.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00463913
                                      • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0046391F
                                      • __vbaFreeVar.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00463928
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$BoolCopy
                                      • String ID: \ulwave$x&@
                                      • API String ID: 2487474887-1952041071
                                      • Opcode ID: d013d299c79ecd2e983901e911827341f08a922562797e9c38169a12a712b6bd
                                      • Instruction ID: 789cfc0ba638a0acc3281b43516f6a124cc0f281d01c403a91a703e9c7daf4e6
                                      • Opcode Fuzzy Hash: d013d299c79ecd2e983901e911827341f08a922562797e9c38169a12a712b6bd
                                      • Instruction Fuzzy Hash: B8110C75C0024AEFCB04DFA5CA499EEFBB8FF58700F10801AE411A3260D7B85605CFA5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00461810, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 42COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaVarDup.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00461856
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00461864
                                      • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0046187E
                                      • __vbaFreeVar.MSVBVM60(0046189F,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00461898
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$Copy
                                      • String ID: ($@$\uldash
                                      • API String ID: 1326363408-3954349214
                                      • Opcode ID: bc7e61874a2bc59c20cd470884d06e66191bc6a7a8d200f5322bb8d246642cf2
                                      • Instruction ID: d2cc959719ca9df6fd4dbb6945ea916a7b19a0ef49a7ba143bf71da2ef21e4ee
                                      • Opcode Fuzzy Hash: bc7e61874a2bc59c20cd470884d06e66191bc6a7a8d200f5322bb8d246642cf2
                                      • Instruction Fuzzy Hash: BA011771800209EFCB00DF99CA48AEDFBB8FF58744F14846AE401B7260D7746A4ACF69
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00461A80, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 42COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaVarDup.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00461AC6
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00461AD4
                                      • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00461AEE
                                      • __vbaFreeVar.MSVBVM60(00461B0F,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00461B08
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$Copy
                                      • String ID: X$@$\uldashd
                                      • API String ID: 1326363408-2882258927
                                      • Opcode ID: 157038e7c2e6ca3c7f3f6722124ef9dd0d4e0fb2e7e19c3c2a76d7d40cbdb561
                                      • Instruction ID: f44afd7e8987fb3bd11ceb82d0ecd17e14ef8e925f34c95798cc4b178dbce11e
                                      • Opcode Fuzzy Hash: 157038e7c2e6ca3c7f3f6722124ef9dd0d4e0fb2e7e19c3c2a76d7d40cbdb561
                                      • Instruction Fuzzy Hash: 6901DB71800209EFCB00DF95CA49AEDFBB8FF58745F14806AE405B3664E7746A45CF69
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00461B30, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 42COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaVarDup.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00461B76
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00461B84
                                      • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00461B9E
                                      • __vbaFreeVar.MSVBVM60(00461BBF,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00461BB8
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$Copy
                                      • String ID: \uldashdd$h$@
                                      • API String ID: 1326363408-1652949257
                                      • Opcode ID: a28e43daff2d4e8502dac9eecdcc429557e0f1e99fce9ffa34c37992dfec4b08
                                      • Instruction ID: 37e31d48dbae31aa5808ea217284e6d7e32e2ac684872b0bf6942d8ade722762
                                      • Opcode Fuzzy Hash: a28e43daff2d4e8502dac9eecdcc429557e0f1e99fce9ffa34c37992dfec4b08
                                      • Instruction Fuzzy Hash: 06012D71800109EFCB00DF95CA489EDFBB8FF58744F14806AE401B3260EB746A49CF69
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00461520, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 42COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaVarDup.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00461566
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00461574
                                      • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0046158E
                                      • __vbaFreeVar.MSVBVM60(004615AF,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 004615A8
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$Copy
                                      • String ID: \caps$#@
                                      • API String ID: 1326363408-1868602861
                                      • Opcode ID: 60af0302c495e7b266cb62f59594ea69f3bcf168412a824d0d903f46a0383b96
                                      • Instruction ID: 5f9c4e81760a39d5a171b093898e3f6630e4af4e5a18c6ba4442efb069573dd1
                                      • Opcode Fuzzy Hash: 60af0302c495e7b266cb62f59594ea69f3bcf168412a824d0d903f46a0383b96
                                      • Instruction Fuzzy Hash: F001B771801209EBCB00DF95CA88AEDFBB8FF58744F14806AE402B7264D7746A46CB69
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00461D70, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 61COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00461DBD
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00402498,00411700,00000198), ref: 00461E09
                                      • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00461E12
                                      • __vbaFreeVar.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00461E1B
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$CheckCopyHresult
                                      • String ID: \delete
                                      • API String ID: 4185434182-4073292185
                                      • Opcode ID: 13579a25247aeaf923c4832c3135a1d8206182e44e189cb5bb6217b0df1018eb
                                      • Instruction ID: 1d2bc94b5e9aa610545180d6098b8e15236ad170621221353c904b458936b4e0
                                      • Opcode Fuzzy Hash: 13579a25247aeaf923c4832c3135a1d8206182e44e189cb5bb6217b0df1018eb
                                      • Instruction Fuzzy Hash: BC211874901208EFCB04DF98D9889EDFBB9FF58710F14816AF805A7260D774A941CF55
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00464330, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 57COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,00402FE6), ref: 00464386
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,00402FE6), ref: 00464390
                                      • __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,?,00402FE6), ref: 004643B4
                                      • __vbaFreeStrList.MSVBVM60(00000002,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 004643C4
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Copy$FreeListMove
                                      • String ID: style
                                      • API String ID: 835628258-868071530
                                      • Opcode ID: 646759c7e98e0623063578146550a4d889300f3f6685c97b2f6ac008dcd1f7be
                                      • Instruction ID: ff98cafdee6cbbfdfe3aa14d06de9119afcc28ff8e67142ef91f7e66749504c9
                                      • Opcode Fuzzy Hash: 646759c7e98e0623063578146550a4d889300f3f6685c97b2f6ac008dcd1f7be
                                      • Instruction Fuzzy Hash: 9921EDB49002099FCB01DF95C9859EEFBF8FF58304F10815AE805B3255D7786A45CBA5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0047F0C0, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 55COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaNew2.MSVBVM60(00411FE4,00482EE8,?,?,?,?,?,?,?,?,00402FE6), ref: 0047F118
                                      • __vbaObjSetAddref.MSVBVM60(?,`/@,?,?,?,?,?,?,?,?,00402FE6), ref: 0047F12E
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00411FD4,00000010,?,?,?,?,?,?,?,?,00402FE6), ref: 0047F14B
                                      • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,00402FE6), ref: 0047F154
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$AddrefCheckFreeHresultNew2
                                      • String ID: `/@
                                      • API String ID: 1649212984-3545656271
                                      • Opcode ID: 3f830f3337156ebc75de7681c8464ceefc824ce773a27924cdc21f3766670d09
                                      • Instruction ID: e81601a2699c5ff96ef49138b65be5befd3909a1b8739f8e12ee6cc843ee817b
                                      • Opcode Fuzzy Hash: 3f830f3337156ebc75de7681c8464ceefc824ce773a27924cdc21f3766670d09
                                      • Instruction Fuzzy Hash: 26114275900209EFCB00DF65CD89AEEBBB8FB48714F60846AF505B32A1C7785945CB98
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00478BA0, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 54COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaObjSetAddref.MSVBVM60(?), ref: 00478BE1
                                      • __vbaLateMemSt.MSVBVM60(?,Caption), ref: 00478C27
                                      • __vbaFreeVar.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00478C30
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$AddrefFreeLate
                                      • String ID: Caption$/@
                                      • API String ID: 3122603911-1160250269
                                      • Opcode ID: cec358fcc554abd09c519aadda3a48ddce5b2218750912c664a5ba0bbbc49407
                                      • Instruction ID: bbd3331d116d6721db641698ad6f8d3961b73cf2a94cf3f8a267a9a8bc0c083a
                                      • Opcode Fuzzy Hash: cec358fcc554abd09c519aadda3a48ddce5b2218750912c664a5ba0bbbc49407
                                      • Instruction Fuzzy Hash: DE11BDB190120AAFCB04DF98DA859AEFBB8FF08700F50856EE405B7250D674A944CFA5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00452950, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 51COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaObjSetAddref.MSVBVM60(00401C48,?,?,?,?,?,?,?,00402FE6), ref: 004529A1
                                      • __vbaObjSetAddref.MSVBVM60(00401C50,?,?,?,?,?,?,?,?,00402FE6), ref: 004529AD
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,00402FE6), ref: 004529C9
                                      • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,00402FE6), ref: 004529D2
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Addref$CopyFree
                                      • String ID: /@
                                      • API String ID: 9214362-2163338593
                                      • Opcode ID: 96f28c9222cc45c51f0504977a452c4dba5d32a272d516c95ac8cc92013768e5
                                      • Instruction ID: c53846ed8c3e7772e86acc262f3b3e5357927bcba61016855da337b52936dc91
                                      • Opcode Fuzzy Hash: 96f28c9222cc45c51f0504977a452c4dba5d32a272d516c95ac8cc92013768e5
                                      • Instruction Fuzzy Hash: E6113AB490020AEFCB10DF55CA85DAFBBB8FF88700F10841AE905A3660D774A94ACF94
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00408164, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 49COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,Function_00002FE6), ref: 004647CD
                                      • __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,Function_00002FE6), ref: 004647F5
                                      • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,Function_00002FE6), ref: 004647FE
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$CopyFreeMove
                                      • String ID: '@$/@
                                      • API String ID: 1354446268-162452839
                                      • Opcode ID: f0308ec595bb4d1fec7738c361cd0cf93358c083a69356cc964f7fd12699c1b2
                                      • Instruction ID: 1de2964f31f87378009d5057879d8807032d21773fe84d0b51cf746a0d413d90
                                      • Opcode Fuzzy Hash: f0308ec595bb4d1fec7738c361cd0cf93358c083a69356cc964f7fd12699c1b2
                                      • Instruction Fuzzy Hash: 35111F7580020AEFCB01DF95C9499EEFBF8FF58700F10816AE951A3650D7786505CF95
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00451C10, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 43COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00451C58
                                      • __vbaBoolVar.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00451C73
                                      • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00451C7F
                                      • __vbaFreeVar.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00451C88
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$BoolCopy
                                      • String ID: \'b6
                                      • API String ID: 2487474887-99394527
                                      • Opcode ID: fd9735e13816e58e7fe068e698f6ba925de49b097f749323533974d6e96bc540
                                      • Instruction ID: f75092cde9a86c696470bad42653d7b7305c96382ba40307e20e19e77b080242
                                      • Opcode Fuzzy Hash: fd9735e13816e58e7fe068e698f6ba925de49b097f749323533974d6e96bc540
                                      • Instruction Fuzzy Hash: 40110C75C0020AEFCB05DFA5C949AEEFBB8FF58701F10801AE511A3260D7785506CF95
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00463070, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 42COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaVarDup.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 004630B6
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 004630C4
                                      • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 004630DE
                                      • __vbaFreeVar.MSVBVM60(004630FF,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 004630F8
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$Copy
                                      • String ID: \uldb
                                      • API String ID: 1326363408-2227182058
                                      • Opcode ID: 861b38369803998a43c867b7fca43faf9abb89464972d505547c82ea8d8f1fbf
                                      • Instruction ID: fa831263495c90cd5234d56e71d9a52c48e1ce21c7992255c465126500f56dfb
                                      • Opcode Fuzzy Hash: 861b38369803998a43c867b7fca43faf9abb89464972d505547c82ea8d8f1fbf
                                      • Instruction Fuzzy Hash: 87010975800149EFCB00DF95CA499EDFBB8FF58744F10806AE401B3264D7745A4ACF69
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00463800, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 42COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaVarDup.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00463846
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00463854
                                      • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0046386E
                                      • __vbaFreeVar.MSVBVM60(0046388F,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00463888
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$Copy
                                      • String ID: h&@
                                      • API String ID: 1326363408-210207038
                                      • Opcode ID: e89445cef729f8f08b29649d23885a69bc2f96b631f17448845e297007ab86dd
                                      • Instruction ID: 9dff27ea303cd717e7bdc2e4bc74656e344d3a028431c7280b25a0042ebf2f1e
                                      • Opcode Fuzzy Hash: e89445cef729f8f08b29649d23885a69bc2f96b631f17448845e297007ab86dd
                                      • Instruction Fuzzy Hash: 3801C971800249EFDB04DF95CA489EDFBB8FF58744F14806AE411B3264D7B46A45CF69
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 004618C0, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0046190D
                                      • __vbaVarMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0046192A
                                      • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00461933
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$CopyFreeMove
                                      • String ID: 8$@$\uldash
                                      • API String ID: 1354446268-1162104917
                                      • Opcode ID: f3bd4e6d9f7f3a0e25607503ffbd1d632a313c4aca88c927af328d37a50b887e
                                      • Instruction ID: 7e253b94223a8574203b376557cfadb818706aa8fc16eea5a801b5884e3ea62e
                                      • Opcode Fuzzy Hash: f3bd4e6d9f7f3a0e25607503ffbd1d632a313c4aca88c927af328d37a50b887e
                                      • Instruction Fuzzy Hash: 3C010575800209EFCB00DF95C9889EEFFB8FF58710F14416AE806B3260D7746A49CBA5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00463120, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0046316D
                                      • __vbaVarMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0046318A
                                      • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00463193
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$CopyFreeMove
                                      • String ID: \uldbl$%@
                                      • API String ID: 1354446268-4183568260
                                      • Opcode ID: af1126b8d0c9262ca8d2e97af658e47dd5d8855272ab783efbbd8eceb461f4a3
                                      • Instruction ID: e6e20c33d56f925ad605fdeed9a068538fc9a719a246cee0f1ff65c34d23c623
                                      • Opcode Fuzzy Hash: af1126b8d0c9262ca8d2e97af658e47dd5d8855272ab783efbbd8eceb461f4a3
                                      • Instruction Fuzzy Hash: 2C010975800209EFCB04DF95C9899DDFFB8FF58700F14415AE802A3260D7785A45CB55
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 004619A0, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 004619ED
                                      • __vbaVarMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00461A0A
                                      • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00461A13
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$CopyFreeMove
                                      • String ID: H$@$\uldashd
                                      • API String ID: 1354446268-2815633939
                                      • Opcode ID: 35d59e89ce9cfb4cce92cbbdcb51aaca52e5d086087f1aa690a5f6a1b301b49b
                                      • Instruction ID: 3970e24799c13653ae5c5198f9f8be152c62ad94d2c8af52de586b33a9cafcb7
                                      • Opcode Fuzzy Hash: 35d59e89ce9cfb4cce92cbbdcb51aaca52e5d086087f1aa690a5f6a1b301b49b
                                      • Instruction Fuzzy Hash: 16010575800209EFCB00DF95C9889EDFFB8FF58710F14416AE802A3660E7746A45CB65
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00463200, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 42COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaVarDup.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00463246
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00463254
                                      • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0046326E
                                      • __vbaFreeVar.MSVBVM60(0046328F,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00463288
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$Copy
                                      • String ID: \ulw
                                      • API String ID: 1326363408-4119594377
                                      • Opcode ID: 0f2e40128745be932aae2e27b3e1a470ea8c070ef266da81c56ed3fa62f79b1b
                                      • Instruction ID: 665f0575c7f9b428610f7d7b87bdff30f31ee8fdcc9ae488b7ebcf801bdcf3f6
                                      • Opcode Fuzzy Hash: 0f2e40128745be932aae2e27b3e1a470ea8c070ef266da81c56ed3fa62f79b1b
                                      • Instruction Fuzzy Hash: F101ED71800149EFCB00DF95CA59AEDFBB8FF58744F14806AE411B3264D7745A49CF69
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00462BC0, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00462C0D
                                      • __vbaVarMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00462C2A
                                      • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00462C33
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$CopyFreeMove
                                      • String ID: \sub$x%@
                                      • API String ID: 1354446268-3920354303
                                      • Opcode ID: b9c0d994fc61cca140b2d931a5ba9f694756594fef201a2c39abedbb04c4d675
                                      • Instruction ID: 08f9c89845ff5eba4583e1d711b23c622f335cf50b2fdba5652abda95401b62b
                                      • Opcode Fuzzy Hash: b9c0d994fc61cca140b2d931a5ba9f694756594fef201a2c39abedbb04c4d675
                                      • Instruction Fuzzy Hash: 31010575800209EFCB00DF95CA899DDFFB8FF58710F10416AE802A3264D7B46A45CB59
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00461BE0, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00461C2D
                                      • __vbaVarMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00461C4A
                                      • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00461C53
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$CopyFreeMove
                                      • String ID: \uldashdd$x$@
                                      • API String ID: 1354446268-2124456569
                                      • Opcode ID: 82ef17905565b969904e5097f2cfd84ced069b9348d6b645dc8ddb6894d07e62
                                      • Instruction ID: df8563dc452eba286b38da227b12c7a317cc3ac8091f201b01fd7dfcd71e608a
                                      • Opcode Fuzzy Hash: 82ef17905565b969904e5097f2cfd84ced069b9348d6b645dc8ddb6894d07e62
                                      • Instruction Fuzzy Hash: 21010575800209EFCB00DF95C9889DDFFB8FF58710F14416AE802A3260E7746A45CBA5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 004623E0, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 42COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaVarDup.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00462426
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00462434
                                      • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0046244E
                                      • __vbaFreeVar.MSVBVM60(0046246F,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00462468
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$Copy
                                      • String ID: \ulhair
                                      • API String ID: 1326363408-3280462982
                                      • Opcode ID: b699f44357fa9760468f0905cdc289150245f05f629c7b800c6bc81bb1e90a09
                                      • Instruction ID: a3201550d32d263f847c93435c5cfc6b3f875f8fbf67f63ceedc02c6f4569522
                                      • Opcode Fuzzy Hash: b699f44357fa9760468f0905cdc289150245f05f629c7b800c6bc81bb1e90a09
                                      • Instruction Fuzzy Hash: D301C971900209EFCB00DF95CA899EDFBB8FF58744F14806AE451B3264DBB45A45CF69
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00461CC0, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 42COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaVarDup.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00461D06
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00461D14
                                      • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00461D2E
                                      • __vbaFreeVar.MSVBVM60(00461D4F,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00461D48
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$Copy
                                      • String ID: \delete
                                      • API String ID: 1326363408-4073292185
                                      • Opcode ID: d2a0c833a1a2d2881af07f57e63086755837b396ec55edab8c8f953805fc7469
                                      • Instruction ID: c35c54ce09ce72a4df7193302d3fc57707d78a8ab7d261dbe86f1722e974990a
                                      • Opcode Fuzzy Hash: d2a0c833a1a2d2881af07f57e63086755837b396ec55edab8c8f953805fc7469
                                      • Instruction Fuzzy Hash: CD01D771800209EFCB00DF99CA48AEDFBB8FF58744F14806AE401B7264E7746A46CF69
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 004634F0, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0046353D
                                      • __vbaVarMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0046355A
                                      • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00463563
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$CopyFreeMove
                                      • String ID: 8&@$\up
                                      • API String ID: 1354446268-3344800027
                                      • Opcode ID: f382787f6665e157795ad3a6157e50be41956f755ccfe8746554d93785726ae6
                                      • Instruction ID: 1de097064fd99efb395ad9fb3c59656505a2e30d222a7fa889f3361a17618a8d
                                      • Opcode Fuzzy Hash: f382787f6665e157795ad3a6157e50be41956f755ccfe8746554d93785726ae6
                                      • Instruction Fuzzy Hash: 53010575800249EFCB04DF95C9889DEFFB8FF58714F10816AE802A3260D7B46A45CB55
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00462CA0, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 42COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaVarDup.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00462CE6
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00462CF4
                                      • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00462D0E
                                      • __vbaFreeVar.MSVBVM60(00462D2F,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00462D28
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$Copy
                                      • String ID: \sub
                                      • API String ID: 1326363408-131871944
                                      • Opcode ID: a85ff463d02c3003d3c4fec9255d37a110d6a42b63a08c1faf23f554d3c76553
                                      • Instruction ID: 0141a8ac98359a1b5c3b32c10ab13564b159bc67add44186f4f1aac060452c3b
                                      • Opcode Fuzzy Hash: a85ff463d02c3003d3c4fec9255d37a110d6a42b63a08c1faf23f554d3c76553
                                      • Instruction Fuzzy Hash: EB010571800209EFCB00DF99CA48AEDFBB8FF58744F10806AE401B3264D7B46A46CF69
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00462E30, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 42COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaVarDup.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00462E76
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00462E84
                                      • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00462E9E
                                      • __vbaFreeVar.MSVBVM60(00462EBF,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00462EB8
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$Copy
                                      • String ID: \super
                                      • API String ID: 1326363408-3664593980
                                      • Opcode ID: 27cb1ae07a094531fe2badce24342357626d13dce3ff3c6271ea3082a4890659
                                      • Instruction ID: 693e0af9fe86a05cfd167f544e50758d6932b3978eb326bb71741b2010c8e083
                                      • Opcode Fuzzy Hash: 27cb1ae07a094531fe2badce24342357626d13dce3ff3c6271ea3082a4890659
                                      • Instruction Fuzzy Hash: 9C01D775801209EFCB00DF95CA49AEDFBB8FF58745F14806AE401B3264D7B46A46CF69
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00461F70, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 42COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaVarDup.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00461FB6
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00461FC4
                                      • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00461FDE
                                      • __vbaFreeVar.MSVBVM60(00461FFF,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00461FF8
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$Copy
                                      • String ID: \uld
                                      • API String ID: 1326363408-1899119703
                                      • Opcode ID: b18a44efdb1a5120d3dfb3aadaba4b3bf0560ed3e5754583b68212eacd730c22
                                      • Instruction ID: b328798e4f11f046daf28fc6449b3ab6626c81bf3db684b06f51564266678ee9
                                      • Opcode Fuzzy Hash: b18a44efdb1a5120d3dfb3aadaba4b3bf0560ed3e5754583b68212eacd730c22
                                      • Instruction Fuzzy Hash: DC01E975800209EFCB04DF95CA48AEDFBB8FF58744F14806AE401B7264E7B46A46CF69
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00462FC0, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 42COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaVarDup.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00463006
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00463014
                                      • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0046302E
                                      • __vbaFreeVar.MSVBVM60(0046304F,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00463048
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$Copy
                                      • String ID: \ulth
                                      • API String ID: 1326363408-785900197
                                      • Opcode ID: 9b75d1b03dfa8f65294ad5244418b0fba523d313307b6a8453b64dfb9c5a68f6
                                      • Instruction ID: 50ae649070030dfbb2888f16f9397537b18c92419ed63d6cbda012a1a6ddeec8
                                      • Opcode Fuzzy Hash: 9b75d1b03dfa8f65294ad5244418b0fba523d313307b6a8453b64dfb9c5a68f6
                                      • Instruction Fuzzy Hash: 9001DB75800249EFCB00DF95CA49AEDFBB8FF58744F14806AE401B3265D7745A49CF69
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00479AC0, Relevance: 7.6, APIs: 5, Instructions: 107COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaNew2.MSVBVM60(00407470,00402E34,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00479B29
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00411700,000000E8,?,?,?,00000000,?,?), ref: 00479B79
                                      • __vbaNew2.MSVBVM60(00407470,00402E34,?,?,?,00000000,?,?), ref: 00479B8A
                                      • __vbaI2I4.MSVBVM60(?,?,?,00000000,?,?), ref: 00479B9E
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00411700,000001C8,?,?,?,00000000,?,?), ref: 00479BCF
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$CheckHresultNew2
                                      • String ID:
                                      • API String ID: 1998677070-0
                                      • Opcode ID: 65c9b92696ba6109013e45d709d66cec557a42d8c65b5c5aa25e1fd90bcfb1fc
                                      • Instruction ID: b8edcee11a80c99a599073b149d12173cdd28863c369a22ea32b2af8106d3599
                                      • Opcode Fuzzy Hash: 65c9b92696ba6109013e45d709d66cec557a42d8c65b5c5aa25e1fd90bcfb1fc
                                      • Instruction Fuzzy Hash: E1412A70900209EFDB04CF98D989FAEBBB8FF09705F10816AF549A7290D7786945CBA4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00407D54, Relevance: 7.6, APIs: 5, Instructions: 100COMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Free$#593BoundsErrorGenerate$CheckCopyDestructHresult
                                      • String ID:
                                      • API String ID: 3574308239-0
                                      • Opcode ID: db57f4c1307bdbc6989d264f99f21cc1084451305df50943e562fd48513f861d
                                      • Instruction ID: fc0c2cf3823604bc56715e36f254839af841798bc41b8afb73d5e743ecd2917d
                                      • Opcode Fuzzy Hash: db57f4c1307bdbc6989d264f99f21cc1084451305df50943e562fd48513f861d
                                      • Instruction Fuzzy Hash: ED41D270D00209DBDB18DFAAD9849EEFBB9FF08304F60812EE809A7251D7745A49CF54
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00406712, Relevance: 7.6, APIs: 5, Instructions: 71COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaRecUniToAnsi.MSVBVM60 ref: 00477924
                                      • __vbaSetSystemError.MSVBVM60(00000000), ref: 00477930
                                      • __vbaRecAnsiToUni.MSVBVM60(00411D20,?,?), ref: 00477948
                                      • _adj_fdiv_m64.MSVBVM60 ref: 00477977
                                      • __vbaFpR8.MSVBVM60 ref: 0047798E
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Ansi$ErrorSystem_adj_fdiv_m64
                                      • String ID:
                                      • API String ID: 1167451951-0
                                      • Opcode ID: 382954102cddf3981f25ef82f9415b72737e78410dde3bdc47aaa671c2651ff0
                                      • Instruction ID: dc6a4847184ef2529b39b7cd8ce4d2ce5abcb44b8d0fa7b9ec69a2966126e3d7
                                      • Opcode Fuzzy Hash: 382954102cddf3981f25ef82f9415b72737e78410dde3bdc47aaa671c2651ff0
                                      • Instruction Fuzzy Hash: 12217371108701DBE720DF24E9087E7B7E5FF89300F508929E6C9A21A0DB759499CB5B
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 004795A0, Relevance: 7.6, APIs: 5, Instructions: 60COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaNew2.MSVBVM60(00411FE4,00482EE8,?,?,?,?,?,?,?,00402FE6), ref: 004795F7
                                      • __vbaNew2.MSVBVM60(00406AD0,004820C0,?,?,?,?,?,?,?,00402FE6), ref: 00479616
                                      • __vbaObjSetAddref.MSVBVM60(?,00000000,?,?,?,?,?,?,?,00402FE6), ref: 00479628
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00411FD4,00000010,?,?,?,?,?,?,?,00402FE6), ref: 00479642
                                      • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,00402FE6), ref: 0047964B
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$New2$AddrefCheckFreeHresult
                                      • String ID:
                                      • API String ID: 1804898356-0
                                      • Opcode ID: dcdbd1d27ae1fec5329d8734fa31c16ecaa9adc1434fe018ab376f2ea7c24906
                                      • Instruction ID: 2226b05dd0f3b26046d1a13c88bc1550becabff081f6ae8aa5036b8e23204989
                                      • Opcode Fuzzy Hash: dcdbd1d27ae1fec5329d8734fa31c16ecaa9adc1434fe018ab376f2ea7c24906
                                      • Instruction Fuzzy Hash: B4115175A40205ABCB10DF55CE8AEEE7BB9FB04704F60856AF505F32A0C7B85941CB6C
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00407A48, Relevance: 7.5, APIs: 5, Instructions: 45fileCOMMON
                                      Download Yara Rule
                                      APIs
                                      • #648.MSVBVM60(?,?,00000000,?), ref: 00457763
                                      • __vbaFreeVar.MSVBVM60(?,00000000,?), ref: 0045776E
                                      • __vbaFileOpen.MSVBVM60(00000001,000000FF,00000000,?,?,00000000,?), ref: 0045777F
                                      • #571.MSVBVM60(00000000,?,?,00000000,?), ref: 0045778C
                                      • __vbaLineInputStr.MSVBVM60(?,00000000,?,?,00000000,?), ref: 0045779C
                                      • __vbaFileClose.MSVBVM60(00000000,?,?,00000000,?), ref: 004577A9
                                      • __vbaFreeStr.MSVBVM60(004577CA,?,?,00000000,?), ref: 004577C3
                                      • __vbaErrorOverflow.MSVBVM60(?,?,00000000,?), ref: 004577E7
                                      • #648.MSVBVM60(?,-00000001,00000000,660D2EC9), ref: 00457836
                                      • __vbaFreeVar.MSVBVM60 ref: 00457841
                                      • __vbaFileOpen.MSVBVM60(00000008,000000FF,00000000), ref: 00457852
                                      • #517.MSVBVM60 ref: 0045785E
                                      • __vbaStrMove.MSVBVM60 ref: 0045786F
                                      • __vbaStrMove.MSVBVM60 ref: 0045787A
                                      • __vbaPrintFile.MSVBVM60(00414028,00000000,00000000), ref: 00457883
                                      • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 00457893
                                      • __vbaFileClose.MSVBVM60(00000000), ref: 0045789D
                                      • __vbaFreeStr.MSVBVM60(004578D1), ref: 004578CA
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$FileFree$#648CloseMoveOpen$#517#571ErrorInputLineListOverflowPrint
                                      • String ID:
                                      • API String ID: 2423579067-0
                                      • Opcode ID: d7b68c9d7c2f7df5638c3f59b88e33f2a4a61a8fc8be4da2252f9f058779c192
                                      • Instruction ID: 2d833f4abf09bc9ac68506352a0529271daa69ca55742152edfda4b55164a478
                                      • Opcode Fuzzy Hash: d7b68c9d7c2f7df5638c3f59b88e33f2a4a61a8fc8be4da2252f9f058779c192
                                      • Instruction Fuzzy Hash: 56018470805249ABCB10DFA5ED48F9EBBBCFF48751F10012AF805B32A0C7786505CB69
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00452BB0, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 87COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00401C28,00411700,0000004C,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00452C10
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00401C28,00411700,0000004C,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00452C31
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00401C28,00411700,00000030,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00452C66
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: CheckHresult__vba
                                      • String ID: /@
                                      • API String ID: 2812612143-2163338593
                                      • Opcode ID: a0bf3ada9f12c06fb0b174e5e814a5186b602cdf65291cd641d97f34627e1fe7
                                      • Instruction ID: 2011fa102806b392ce77539d2299c6d220a357121d4ca9093955dd6acefdda8d
                                      • Opcode Fuzzy Hash: a0bf3ada9f12c06fb0b174e5e814a5186b602cdf65291cd641d97f34627e1fe7
                                      • Instruction Fuzzy Hash: 2F314FB5901208AFCB10DF99C985EEEBBB8FF48700F20842AF605E3241D374A945CBA4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 004726F0, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaNew2.MSVBVM60(00407470,?,?,?,?,?,?,?,00402FE6), ref: 00472740
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00411700,000000D4,?,?,?,?,?,?,00402FE6), ref: 00472763
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,00402FE6), ref: 00472771
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$CheckCopyHresultNew2
                                      • String ID: p+@
                                      • API String ID: 551848230-2870742459
                                      • Opcode ID: 391f44045afad9235c71c90bdaf9638d0ec639d3511d10432ef991e4fb09e2cd
                                      • Instruction ID: 688f7b34a02eda3ff8485e2df0f9f5b01e5d6b4f2b2b4e74dfe5b65d602dbdda
                                      • Opcode Fuzzy Hash: 391f44045afad9235c71c90bdaf9638d0ec639d3511d10432ef991e4fb09e2cd
                                      • Instruction Fuzzy Hash: 8B119D35A00604EBC710DF58CB49B8ABBB8FF44750F20816AF809E36A0C774A911CBD4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0046BDD0, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 57COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,00402FE6), ref: 0046BE26
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00411E5C,000000E0,?,?,?,?,?,?,?,?,00402FE6), ref: 0046BE4D
                                      • __vbaFreeObj.MSVBVM60 ref: 0046BE66
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$CheckFreeHresult
                                      • String ID: H*@
                                      • API String ID: 444973724-2558494930
                                      • Opcode ID: cf12f1bc9445493d572a72ba1ff4a535bd04c7fc978428d5d2cb23a360819ec3
                                      • Instruction ID: 38879c4bdbce19c747976c714932dffa4ea5a91f568b7aab1b622955fd76f6a8
                                      • Opcode Fuzzy Hash: cf12f1bc9445493d572a72ba1ff4a535bd04c7fc978428d5d2cb23a360819ec3
                                      • Instruction Fuzzy Hash: B9119075900208AFCB00DFA4C949AEEBBB8FF48B40F10852EF642E7290D7785985CBD0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00407093, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 52COMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba
                                      • String ID: /@
                                      • API String ID: 3524132090-2163338593
                                      • Opcode ID: 939549f4d152e15c01d11a116c3ae60ce2a4528656d8137cd8055a589044b719
                                      • Instruction ID: 979dcb6cf12f502fbb99e6840264e58053455a7fddf1f3adbbcb281d87b1a950
                                      • Opcode Fuzzy Hash: 939549f4d152e15c01d11a116c3ae60ce2a4528656d8137cd8055a589044b719
                                      • Instruction Fuzzy Hash: B511A031508702D7C311DF24E90422BBBE5FFD5396F15486EE884A2276CB399949CB9B
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00407910, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 52COMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba
                                      • String ID: /@
                                      • API String ID: 3524132090-2163338593
                                      • Opcode ID: 939549f4d152e15c01d11a116c3ae60ce2a4528656d8137cd8055a589044b719
                                      • Instruction ID: 979dcb6cf12f502fbb99e6840264e58053455a7fddf1f3adbbcb281d87b1a950
                                      • Opcode Fuzzy Hash: 939549f4d152e15c01d11a116c3ae60ce2a4528656d8137cd8055a589044b719
                                      • Instruction Fuzzy Hash: B511A031508702D7C311DF24E90422BBBE5FFD5396F15486EE884A2276CB399949CB9B
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0040649E, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 52COMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba
                                      • String ID: /@
                                      • API String ID: 3524132090-2163338593
                                      • Opcode ID: 939549f4d152e15c01d11a116c3ae60ce2a4528656d8137cd8055a589044b719
                                      • Instruction ID: 979dcb6cf12f502fbb99e6840264e58053455a7fddf1f3adbbcb281d87b1a950
                                      • Opcode Fuzzy Hash: 939549f4d152e15c01d11a116c3ae60ce2a4528656d8137cd8055a589044b719
                                      • Instruction Fuzzy Hash: B511A031508702D7C311DF24E90422BBBE5FFD5396F15486EE884A2276CB399949CB9B
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0045B550, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0045B594
                                      • __vbaVarMove.MSVBVM60 ref: 0045B5CC
                                      • __vbaFreeStr.MSVBVM60 ref: 0045B5D5
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$CopyFreeMove
                                      • String ID: /@
                                      • API String ID: 1354446268-2163338593
                                      • Opcode ID: 49743ec93e35855abef16c27d923806b9c3f4133ca5701b484ffa46850af4919
                                      • Instruction ID: 33017bab037d71dc894cea4da98c8823b2b3d8dd1fb3a36597a9aacd448b728e
                                      • Opcode Fuzzy Hash: 49743ec93e35855abef16c27d923806b9c3f4133ca5701b484ffa46850af4919
                                      • Instruction Fuzzy Hash: 0911C5B5C00219AFCB00DF99C988ADEBBB8FB4CB04F14815AF815B7254D7B45949CFA5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00467060, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 46COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaObjSetAddref.MSVBVM60(?,?,?,?,?,?,00402FE6), ref: 004670AB
                                      • __vbaObjSetAddref.MSVBVM60(x(@,?,?,?,?,?,?,00402FE6), ref: 004670B7
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: Addref__vba
                                      • String ID: x(@$/@
                                      • API String ID: 1488654702-419701925
                                      • Opcode ID: 934de59f9a85ce1c1c026f4b3eeb7bcf8dddfb4b1c444a1533b99ec897ee982c
                                      • Instruction ID: 4be9d6cb70cdfc23e8934e437ccba90069df0ab4878333ef2419695edf193866
                                      • Opcode Fuzzy Hash: 934de59f9a85ce1c1c026f4b3eeb7bcf8dddfb4b1c444a1533b99ec897ee982c
                                      • Instruction Fuzzy Hash: EC011376900248EFC700DF59CA84E9AFBB8FF98710F10806AE805A7660C775AD05CBA1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00464860, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 44COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 004648AD
                                      • __vbaVarMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 004648CE
                                      • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 004648D7
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$CopyFreeMove
                                      • String ID: @'@
                                      • API String ID: 1354446268-599959335
                                      • Opcode ID: 7cc19fa4c2320629de0fe20e197b1713e9740c62418bfffd1d76f4720f7d5420
                                      • Instruction ID: 10864c871f39b42ae3f3a4ee530020f50b1d68c995f8af58cefa07c8fbefb5d4
                                      • Opcode Fuzzy Hash: 7cc19fa4c2320629de0fe20e197b1713e9740c62418bfffd1d76f4720f7d5420
                                      • Instruction Fuzzy Hash: DA110975800209EFCB04DF95CA899DEFFB8FF58710F10416AE406A3264D7746989CF55
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00462170, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 004621BD
                                      • __vbaVarMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 004621DA
                                      • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 004621E3
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$CopyFreeMove
                                      • String ID: \dn
                                      • API String ID: 1354446268-830270522
                                      • Opcode ID: 96daa7b3e61e54ab89eccb1a25d7b2f05f853d5bba480d72de22f364f2194efe
                                      • Instruction ID: 70dbe2f4b3770ca02552ed45890dd23d3fefc1e77f583e7f7c4ab1d1d13567b7
                                      • Opcode Fuzzy Hash: 96daa7b3e61e54ab89eccb1a25d7b2f05f853d5bba480d72de22f364f2194efe
                                      • Instruction Fuzzy Hash: 4B010575800209EFCB14DF95CA889EDFFB8FF58700F10416AE802B3264D7B46A85CB65
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 004632B0, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 004632FD
                                      • __vbaVarMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0046331A
                                      • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00463323
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$CopyFreeMove
                                      • String ID: \ulw
                                      • API String ID: 1354446268-4119594377
                                      • Opcode ID: 66d264f78e60c88d396e27d1386e562abfab1b1f5f2871b48a1931f13375cfa5
                                      • Instruction ID: 8ec06a4c477b180023fdfd6e85119fdfb7f7db1b1b5db15012399314b9973657
                                      • Opcode Fuzzy Hash: 66d264f78e60c88d396e27d1386e562abfab1b1f5f2871b48a1931f13375cfa5
                                      • Instruction Fuzzy Hash: 1F011B75800209EFCB00DF95C9889DDFFB8FF58710F14816AE802B3260D7745A85CB55
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00451360, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 004513AD
                                      • __vbaVarMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 004513CA
                                      • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 004513D3
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$CopyFreeMove
                                      • String ID: \dbquote
                                      • API String ID: 1354446268-4030579630
                                      • Opcode ID: a1c74171ee50b2f4c60047aa788d10d1d55f02fab1c7da72129b2abc97f59158
                                      • Instruction ID: 7ed3b6544044ec78c5c2421094bd91ae224e07bd8cb3c2fb31bb87e9257f36fa
                                      • Opcode Fuzzy Hash: a1c74171ee50b2f4c60047aa788d10d1d55f02fab1c7da72129b2abc97f59158
                                      • Instruction Fuzzy Hash: DA010575800209EFCB04DF95C989ADDFFB8FF58701F10806AE802B7264D7746A4ACBA4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00451440, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0045148D
                                      • __vbaVarMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 004514AA
                                      • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 004514B3
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$CopyFreeMove
                                      • String ID: \squote
                                      • API String ID: 1354446268-1509695291
                                      • Opcode ID: b25d8fd4c3ef6414e5fcb6e9d4df5b2841a6d6b36d57ed7f5cb780b2fa37dfc5
                                      • Instruction ID: 18cfdb6b2e72bb73b57203c7cf89b52e184bb4ce558e0af56027ec2a766fe425
                                      • Opcode Fuzzy Hash: b25d8fd4c3ef6414e5fcb6e9d4df5b2841a6d6b36d57ed7f5cb780b2fa37dfc5
                                      • Instruction Fuzzy Hash: F301F775800209ABCB14DF95CA89ADDFFB8FF58700F10415AE801A3264D7746945CB55
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00462490, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 004624DD
                                      • __vbaVarMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 004624FA
                                      • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00462503
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$CopyFreeMove
                                      • String ID: \ulhair
                                      • API String ID: 1354446268-3280462982
                                      • Opcode ID: 2213802fe6983f0b8f695348afb2b52b2cdd780ce7b73b6a689646e24a8de09d
                                      • Instruction ID: 958ee572d1cd8de393f4cb534e9b3fddab25e51bb97d92300380d193f656ec0e
                                      • Opcode Fuzzy Hash: 2213802fe6983f0b8f695348afb2b52b2cdd780ce7b73b6a689646e24a8de09d
                                      • Instruction Fuzzy Hash: 04010575800209EFDB10DF95DA899DEFFB8FF58700F10416AE802B3260E7B46A85CB95
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00462D50, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00462D9D
                                      • __vbaVarMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00462DBA
                                      • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00462DC3
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$CopyFreeMove
                                      • String ID: \super
                                      • API String ID: 1354446268-3664593980
                                      • Opcode ID: fa67023cc2e889c370adeaddd6da3b772fc3176b71363f416b8a1629c8d827fb
                                      • Instruction ID: 7746ce490c6578360544a0bd4bc6dbcb85dd45cbe6ef90f71df067293b46af17
                                      • Opcode Fuzzy Hash: fa67023cc2e889c370adeaddd6da3b772fc3176b71363f416b8a1629c8d827fb
                                      • Instruction Fuzzy Hash: 6A011775800209EFCB04DF95CA89ADDFFB8FF58700F14416AE802B3660D7B46A45CB59
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 004615D0, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0046161D
                                      • __vbaVarMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0046163A
                                      • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00461643
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$CopyFreeMove
                                      • String ID: \caps
                                      • API String ID: 1354446268-3178526045
                                      • Opcode ID: 591fec54c7b26bd81b2bb0ce2be4fb9332e409a78e204077cf02bfce82d00d10
                                      • Instruction ID: 700ef0f0345c2059dce00777ea5a8e17ba73d8d8be5a7800ff71b140cc2da92b
                                      • Opcode Fuzzy Hash: 591fec54c7b26bd81b2bb0ce2be4fb9332e409a78e204077cf02bfce82d00d10
                                      • Instruction Fuzzy Hash: B9011775800209EFCB04DF95CA88ADDFFB8FF58700F14416AE802B3260D7B46A45CB95
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00462EE0, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00462F2D
                                      • __vbaVarMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00462F4A
                                      • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00462F53
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$CopyFreeMove
                                      • String ID: \ulth
                                      • API String ID: 1354446268-785900197
                                      • Opcode ID: cdffb06523d282fa503d68a5079d18824ac2e06a97316f6940a6854763bd849c
                                      • Instruction ID: c73df6314422ef91af800f36f6dd5771f7ab00a24472c5a89c3f4099570d19ec
                                      • Opcode Fuzzy Hash: cdffb06523d282fa503d68a5079d18824ac2e06a97316f6940a6854763bd849c
                                      • Instruction Fuzzy Hash: 1F010575800209EFCB05DF95CA89ADDFFB8FF58700F10416AE802A3260D7B86A45CB55
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00461E90, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00461EDD
                                      • __vbaVarMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00461EFA
                                      • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00461F03
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$CopyFreeMove
                                      • String ID: \uld
                                      • API String ID: 1354446268-1899119703
                                      • Opcode ID: 9badbfa4e7c0f041f39a71553597cd6c44f023a667c7a64ec7ad2aecab23c02d
                                      • Instruction ID: d2f248f15ed69c8e3a8411b035934dfc838eeb1974122926953be83ebf519498
                                      • Opcode Fuzzy Hash: 9badbfa4e7c0f041f39a71553597cd6c44f023a667c7a64ec7ad2aecab23c02d
                                      • Instruction Fuzzy Hash: E6011775800209EFCB04DF95C9889DDFFB8FF58710F14416AE802B3260E7746A45CBA5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00463720, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0046376D
                                      • __vbaVarMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0046378A
                                      • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00463793
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$CopyFreeMove
                                      • String ID: X&@
                                      • API String ID: 1354446268-686580910
                                      • Opcode ID: 42dc125902bfdf071be7e29d67a6b09654961c6b703609a16dbdb8634cd43c63
                                      • Instruction ID: d92bfe6bd8a327360a96f08594c0917f7976157832b81c4722ed546f982895e9
                                      • Opcode Fuzzy Hash: 42dc125902bfdf071be7e29d67a6b09654961c6b703609a16dbdb8634cd43c63
                                      • Instruction Fuzzy Hash: 8C0109B5800209EFCB00DF95C988DDEFFB8FF58700F10815AE406A3260D7B46A45CB55
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00462B20, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 41COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaVarDup.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00462B60
                                      • __vbaLateIdSt.MSVBVM60(?,0000001A,?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00462B8A
                                      • __vbaFreeVar.MSVBVM60(00462B9F,?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00462B98
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$FreeLate
                                      • String ID: h%@
                                      • API String ID: 3751497967-665506557
                                      • Opcode ID: e8269815eaa22235ef3a457fb274a3a8d25d3d078ee0e9d8f4fcf7ab6001a078
                                      • Instruction ID: 3d261bc6f4bff80361170c5b5a31764b7739724c323e0ce41250a284f4bcfa6c
                                      • Opcode Fuzzy Hash: e8269815eaa22235ef3a457fb274a3a8d25d3d078ee0e9d8f4fcf7ab6001a078
                                      • Instruction Fuzzy Hash: E4014C71900209EFDB04DFA9CA49A9DFBF8FF48740F1081A9F505A7290D774AA44CF95
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00462630, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 41COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaVarDup.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00462670
                                      • __vbaLateIdSt.MSVBVM60(?,00000019,?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0046269A
                                      • __vbaFreeVar.MSVBVM60(004626AF,?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 004626A8
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$FreeLate
                                      • String ID: 8%@
                                      • API String ID: 3751497967-1259797581
                                      • Opcode ID: 86ae1aa0e7a905a0c271b0043a3ae1562dd8011d5cd5d7bd759eb6bc0f80d6c1
                                      • Instruction ID: 72392f056c4b132626e89904d4e6314fd61a85374976c2288981c23b28d5de9e
                                      • Opcode Fuzzy Hash: 86ae1aa0e7a905a0c271b0043a3ae1562dd8011d5cd5d7bd759eb6bc0f80d6c1
                                      • Instruction Fuzzy Hash: 4F014C71900209EFCB04DFA9DA49A9DFBF8FF48700F1081AAF505A7290D774AA44CF99
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00407D20, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 29COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaI2I4.MSVBVM60(?,X"@,66107570), ref: 0045DA04
                                      • __vbaI2I4.MSVBVM60(00000000), ref: 0045DA12
                                      • __vbaI2I4.MSVBVM60 ref: 0045DA1F
                                      • __vbaI2I4.MSVBVM60(000000FF,00000000), ref: 0045DA3E
                                      • #588.MSVBVM60(000000FF,00000000,00000000), ref: 0045DACA
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$#588
                                      • String ID: X"@
                                      • API String ID: 674990138-1283498410
                                      • Opcode ID: 5fc52521d50bd613075809e5a4a8876171652cee62abc8eccd0e42f1800d8382
                                      • Instruction ID: cf8bc33e70b04bc959c892c681eb0fd987d185fb24b7cb0e61b962ee17fff797
                                      • Opcode Fuzzy Hash: 5fc52521d50bd613075809e5a4a8876171652cee62abc8eccd0e42f1800d8382
                                      • Instruction Fuzzy Hash: 1EF0A936608202AFC314CF69C84497B77E8EFC9351B04443AF946D7261CA304C8A9B62
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 004079B9, Relevance: 6.1, APIs: 4, Instructions: 143COMMON
                                      Download Yara Rule
                                      APIs
                                      • _adj_fdiv_m64.MSVBVM60 ref: 00455AEC
                                      • __vbaFpI4.MSVBVM60 ref: 00455AFB
                                      • __vbaI2I4.MSVBVM60 ref: 00455B4D
                                      • __vbaGenerateBoundsError.MSVBVM60 ref: 00455BE1
                                      • #588.MSVBVM60(?,?,?), ref: 00455C00
                                      • __vbaAryDestruct.MSVBVM60(00000000,?,00455C6F), ref: 00455C68
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$#588BoundsDestructErrorGenerate_adj_fdiv_m64
                                      • String ID:
                                      • API String ID: 642322695-0
                                      • Opcode ID: 6fd6b8becaedd75f7e1897bf675c3bba1a525235646ee166223477dd103c30c5
                                      • Instruction ID: fe913f2954a13bc2d8b072621407cb9e1b63608b49a3e7722906479f28ec2127
                                      • Opcode Fuzzy Hash: 6fd6b8becaedd75f7e1897bf675c3bba1a525235646ee166223477dd103c30c5
                                      • Instruction Fuzzy Hash: FD515575C00A09DFCB08CFA5C9989EEBBB5FF58301F14812EE806A7351D7746949CB68
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0040788E, Relevance: 6.1, APIs: 4, Instructions: 137COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 798d36b0ae214abec00ff509347bbc380bc211eb532c4a258032e67fd0e13632
                                      • Instruction ID: 46d668cd165be6903351c7bf18f21543e4612a397c78eb36773be0f9ef31d996
                                      • Opcode Fuzzy Hash: 798d36b0ae214abec00ff509347bbc380bc211eb532c4a258032e67fd0e13632
                                      • Instruction Fuzzy Hash: D051EE71118341EFD340DF15C68896BBBE8FFD9700F91996EF8C5A2260E3349865CB52
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 004442E0, Relevance: 6.1, APIs: 4, Instructions: 94COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaNew2.MSVBVM60(00406DD0,00482024,?,?,?,?,?,?,?,00402FE6), ref: 00444349
                                      • __vbaNew2.MSVBVM60(00407470,00482028,?,?,?,?,?,?,?,00402FE6), ref: 0044437D
                                      • __vbaNew2.MSVBVM60(00406514,00482034,?,?,?,?,?,?,?,00402FE6), ref: 004443B1
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00411D10,0000001C,?,?,?,?,?,?,?,00402FE6), ref: 004443D2
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$New2$CheckHresult
                                      • String ID:
                                      • API String ID: 853451746-0
                                      • Opcode ID: f70af069aba5e561184f1feb18183d06b34c29c6957dcf284731c1ff9a58c7b1
                                      • Instruction ID: 009823ae7d16bdfe06a5e423f68edf51cbf71a952c25555899d5e0dbe7885880
                                      • Opcode Fuzzy Hash: f70af069aba5e561184f1feb18183d06b34c29c6957dcf284731c1ff9a58c7b1
                                      • Instruction Fuzzy Hash: F631A130740204EBE714DF68DA09F5A7BE8FB59B44F10406AF901EB2A0C3B8A801CB58
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 004071A4, Relevance: 6.1, APIs: 4, Instructions: 61COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaOnError.MSVBVM60(00000001), ref: 0044C6B4
                                      • __vbaLateIdCall.MSVBVM60(?,00000025,00000001), ref: 0044C6E8
                                      • __vbaStrCopy.MSVBVM60 ref: 0044C6F6
                                      • __vbaExitProc.MSVBVM60 ref: 0044C806
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$CallCopyErrorExitLateProc
                                      • String ID:
                                      • API String ID: 3776995095-0
                                      • Opcode ID: 07edb5eda78073bea32ca31b7fc4b87826fd93252060532db5d6e9bb74a5e546
                                      • Instruction ID: 1e8300610454e82bf35a134d718c9a9aa73bb8a84d0d7f95bb388be0f2cade8b
                                      • Opcode Fuzzy Hash: 07edb5eda78073bea32ca31b7fc4b87826fd93252060532db5d6e9bb74a5e546
                                      • Instruction Fuzzy Hash: 0721E6B4901308DFDB10DF99CA85A9EFBB4FF08700F64816EE449A7251C7749944CF99
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00407ACA, Relevance: 6.1, APIs: 4, Instructions: 58COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaLateIdCallLd.MSVBVM60(?,0045956F,00000009,00000000), ref: 00458EC8
                                      • __vbaStrVarMove.MSVBVM60(00000000), ref: 00458ED2
                                      • __vbaLateIdSt.MSVBVM60(0045956F,0000000B), ref: 00458EFF
                                      • __vbaFreeVarList.MSVBVM60(00000002,?,?), ref: 00458F0F
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Late$CallFreeListMove
                                      • String ID:
                                      • API String ID: 993618028-0
                                      • Opcode ID: 42fe8cc7437af22a251ad37dec3d04f3197930a8a5cf9daef92ecb6f8c65d793
                                      • Instruction ID: 2e6740751fc9f44e33fff9bd1e729f4628efaa32c68d80eab43e8163183acb0c
                                      • Opcode Fuzzy Hash: 42fe8cc7437af22a251ad37dec3d04f3197930a8a5cf9daef92ecb6f8c65d793
                                      • Instruction Fuzzy Hash: 21114AB1901208AFD700DF98DA49AAEFBF9FF48700F14856EF909A7251DA746904CF95
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0040923A, Relevance: 6.1, APIs: 4, Instructions: 53COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,004108D0,00000098), ref: 00441406
                                      • __vbaI2I4.MSVBVM60 ref: 00441418
                                      • __vbaI2I4.MSVBVM60 ref: 0044142E
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,004108D0,0000009C), ref: 0044144E
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$CheckHresult
                                      • String ID:
                                      • API String ID: 713191129-0
                                      • Opcode ID: 5dbfd54ac683f239b67ff75e5de8c3ea9243dcacfa0bba77225c81f31266c5d3
                                      • Instruction ID: 2a2df59d9d8c19ae27d9d42075c447940da1dc4060633f6b7402e37c6266d798
                                      • Opcode Fuzzy Hash: 5dbfd54ac683f239b67ff75e5de8c3ea9243dcacfa0bba77225c81f31266c5d3
                                      • Instruction Fuzzy Hash: 30018C30204310BAE7106F369C08F6B67ACFF55755F10843EF64AE31A2C67894899BBA
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00461750, Relevance: 6.0, APIs: 4, Instructions: 50COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaLateIdSt.MSVBVM60(00080007,0000000D), ref: 004617AE
                                      • __vbaLateIdCallLd.MSVBVM60(?,00080007,0000000D,00000000), ref: 004617BF
                                      • __vbaI4Var.MSVBVM60(00000000), ref: 004617C9
                                      • __vbaFreeVar.MSVBVM60 ref: 004617D5
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Late$CallFree
                                      • String ID:
                                      • API String ID: 2692213697-0
                                      • Opcode ID: 49c06f126b4933efb9b6073a4dbdf319297fa9f3cde78e190a65b5f73e1fa32a
                                      • Instruction ID: 5e6cd4256d996cef4c9734bcd6ded0afa6fbf9b75e31a7812b182be4d5fb0cb6
                                      • Opcode Fuzzy Hash: 49c06f126b4933efb9b6073a4dbdf319297fa9f3cde78e190a65b5f73e1fa32a
                                      • Instruction Fuzzy Hash: 64111C75900204AFD700DFA9CA49A9AFBF8FF48700F14856AF905A7751D674A940CF95
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00407378, Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaStrCat.MSVBVM60(00412B64,?,?,00000001,?,660E6C30,660E6FE2), ref: 00450A0A
                                      • __vbaStrMove.MSVBVM60(?,00000001,?,660E6C30,660E6FE2), ref: 00450A17
                                      • __vbaInStr.MSVBVM60(00000000,00000000,?,00000001,?,660E6C30,660E6FE2), ref: 00450A1B
                                      • __vbaFreeStr.MSVBVM60(?,00000001,?,660E6C30,660E6FE2), ref: 00450A2E
                                      • __vbaStrCat.MSVBVM60(0041071C,?,?,00000001,?,00000001,?,660E6C30,660E6FE2), ref: 00450A5D
                                      • __vbaStrMove.MSVBVM60(?,00000001,?,00000001,?,660E6C30,660E6FE2), ref: 00450A64
                                      • __vbaInStr.MSVBVM60(00000000,00000000,?,00000001,?,00000001,?,660E6C30,660E6FE2), ref: 00450A69
                                      • __vbaFreeStr.MSVBVM60(?,00000001,?,00000001,?,660E6C30,660E6FE2), ref: 00450A7C
                                      • __vbaStrCat.MSVBVM60(0041305C,?,00000000,00000001,?,00000001,?,00000001,?,660E6C30,660E6FE2), ref: 00450A9E
                                      • __vbaStrMove.MSVBVM60(?,00000001,?,00000001,?,660E6C30,660E6FE2), ref: 00450AA5
                                      • __vbaStrCat.MSVBVM60(00412C2C,00000000,?,00000001,?,00000001,?,660E6C30,660E6FE2), ref: 00450AAD
                                      • __vbaStrMove.MSVBVM60(?,00000001,?,00000001,?,660E6C30,660E6FE2), ref: 00450AB4
                                      • __vbaInStr.MSVBVM60(00000000,00000000,?,00000001,?,00000001,?,660E6C30,660E6FE2), ref: 00450AB9
                                      • __vbaFreeStrList.MSVBVM60(00000002,?,?,?,00000001,?,00000001,?,660E6C30,660E6FE2), ref: 00450AD3
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Move$Free$List
                                      • String ID:
                                      • API String ID: 248196268-0
                                      • Opcode ID: 0b1ba1a017406b62020c31a2f940ae0e95bc83935bb4534d5135ef3391d82b63
                                      • Instruction ID: e673e239c7e0cc5865ce7cf81264015f1db9f5fb0e0ff7fcf42ab7f5e6dfaca3
                                      • Opcode Fuzzy Hash: 0b1ba1a017406b62020c31a2f940ae0e95bc83935bb4534d5135ef3391d82b63
                                      • Instruction Fuzzy Hash: 31018479900315EBC710DF54CE85AAFBBB8FB04B04F10816AFC02A3691C7786A45CBE9
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00407DC9, Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaStrCat.MSVBVM60(00412B64,?,?,00000001,00000001,?,?), ref: 004606AA
                                      • __vbaStrMove.MSVBVM60(?,00000001,00000001,?,?), ref: 004606B7
                                      • __vbaInStr.MSVBVM60(00000000,00000000,?,00000001,00000001,?,?), ref: 004606BB
                                      • __vbaFreeStr.MSVBVM60(?,00000001,00000001,?,?), ref: 004606CE
                                      • __vbaStrCat.MSVBVM60(0041071C,?,?,00000001,?,00000001,00000001,?,?), ref: 004606FD
                                      • __vbaStrMove.MSVBVM60(?,00000001,?,00000001,00000001,?,?), ref: 00460704
                                      • __vbaInStr.MSVBVM60(00000000,00000000,?,00000001,?,00000001,00000001,?,?), ref: 00460709
                                      • __vbaFreeStr.MSVBVM60(?,00000001,?,00000001,00000001,?,?), ref: 0046071C
                                      • __vbaStrCat.MSVBVM60(0041305C,?,00000000,00000001,?,00000001,?,00000001,00000001,?,?), ref: 0046073E
                                      • __vbaStrMove.MSVBVM60(?,00000001,?,00000001,00000001,?,?), ref: 00460745
                                      • __vbaStrCat.MSVBVM60(00412C2C,00000000,?,00000001,?,00000001,00000001,?,?), ref: 0046074D
                                      • __vbaStrMove.MSVBVM60(?,00000001,?,00000001,00000001,?,?), ref: 00460754
                                      • __vbaInStr.MSVBVM60(00000000,00000000,?,00000001,?,00000001,00000001,?,?), ref: 00460759
                                      • __vbaFreeStrList.MSVBVM60(00000002,?,?,?,00000001,?,00000001,00000001,?,?), ref: 00460773
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$Move$Free$List
                                      • String ID:
                                      • API String ID: 248196268-0
                                      • Opcode ID: b5e072718f38bb4755408165f75d4c8c2a331932cba0c13a0643e3006dee03cb
                                      • Instruction ID: 53ddc4e6a5d477a6baf668453e92b15ba4cc9da303be31b3f66bc0585d96b0a8
                                      • Opcode Fuzzy Hash: b5e072718f38bb4755408165f75d4c8c2a331932cba0c13a0643e3006dee03cb
                                      • Instruction Fuzzy Hash: B6014075A04215EBD711DF54CE45EAFBBB8FB44B04F10822AF802A7290D7786D45CBEA
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00452C90, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 78COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00401C30,00411700,0000004C,?,?,?,?,?,?,?,?,00402FE6), ref: 00452CE7
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00401C30,00411700,00000030,?,?,?,?,?,?,?,?,00402FE6), ref: 00452D31
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: CheckHresult__vba
                                      • String ID: /@
                                      • API String ID: 2812612143-2163338593
                                      • Opcode ID: 29b270923c3907068d27cb7cce835acf9d404200cf17d730cb34dfb65b44fc4d
                                      • Instruction ID: c7eb5b289a7994cd9160c79bbf575f91f2793989df187544d240276c2c4b5759
                                      • Opcode Fuzzy Hash: 29b270923c3907068d27cb7cce835acf9d404200cf17d730cb34dfb65b44fc4d
                                      • Instruction Fuzzy Hash: 7E2108B5900209EFDB01DF99C989EEEBBBCFF58740F10841AF905A3250D778A901CBA4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 004593B0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00401F28,00411700,0000004C,?,?,?,?,?,?,?,?,00402FE6), ref: 00459404
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00401F28,00411700,00000078,?,?,?,?,?,?,?,?,00402FE6), ref: 00459433
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: CheckHresult__vba
                                      • String ID: /@
                                      • API String ID: 2812612143-2163338593
                                      • Opcode ID: d964340494b7cb13659e0f4a6d6547f5a579fcc8ead95339ffb9e211b8270c75
                                      • Instruction ID: c66751ed5b8a0a6a4020f9899313a8844cd43a7a517cf68afd3a6e7763abab61
                                      • Opcode Fuzzy Hash: d964340494b7cb13659e0f4a6d6547f5a579fcc8ead95339ffb9e211b8270c75
                                      • Instruction Fuzzy Hash: 49212C75940208EFD700DF99C989EAEBBF8EF59751F20841AF905E3250C7749941CBA4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00455610, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00401D48,00411700,0000004C,?,?,?,?,?,?,?,?,00402FE6), ref: 00455664
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00401D48,00411700,00000060,?,?,?,?,?,?,?,?,00402FE6), ref: 00455693
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: CheckHresult__vba
                                      • String ID: /@
                                      • API String ID: 2812612143-2163338593
                                      • Opcode ID: 5eed1e90aa3ebbfc93d8526c3a53e1764f8a152a1bd5b2865b44b2c54bdcefdc
                                      • Instruction ID: 2a3be83db66a9cb97a52828e4a3713234ee3444ce19ff538cf64db392f98a357
                                      • Opcode Fuzzy Hash: 5eed1e90aa3ebbfc93d8526c3a53e1764f8a152a1bd5b2865b44b2c54bdcefdc
                                      • Instruction Fuzzy Hash: 1B213E75900608EFC700DF99C945EAFBBB8FF48751F20841AF905E7250C774A901CBA4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 004556C0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00401D50,00411700,0000004C,?,?,?,?,?,?,?,?,00402FE6), ref: 00455714
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00401D50,00411700,0000005C,?,?,?,?,?,?,?,?,00402FE6), ref: 00455743
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: CheckHresult__vba
                                      • String ID: /@
                                      • API String ID: 2812612143-2163338593
                                      • Opcode ID: f99f96e6c1c33ba5dcfd527e6fd2b5e53cc2faa9153a8a31b2098a2a48f66c02
                                      • Instruction ID: d696f3cbe3d0659292b8cf729ea612bfcb6968a4606190b8919c3182a9664f37
                                      • Opcode Fuzzy Hash: f99f96e6c1c33ba5dcfd527e6fd2b5e53cc2faa9153a8a31b2098a2a48f66c02
                                      • Instruction Fuzzy Hash: 2D212975900608EFDB00DF99C989EAFBBB8EF88751F20845AF905E3251C774A901CBA4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00462250, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaFreeVarList.MSVBVM60(00000002,?,?), ref: 004622D0
                                      • __vbaLateIdSt.MSVBVM60(?,0000000F), ref: 004622FD
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$FreeLateList
                                      • String ID: $@
                                      • API String ID: 2189669484-1661285546
                                      • Opcode ID: 882101de706bf398a324ded7b0b9a856cc68da5540c719fe428abe2ccc52fd84
                                      • Instruction ID: e2e744beab03c2768bbbda1a6c107f1848ff752944c621c9eb046701e9ae0432
                                      • Opcode Fuzzy Hash: 882101de706bf398a324ded7b0b9a856cc68da5540c719fe428abe2ccc52fd84
                                      • Instruction Fuzzy Hash: DF21D6B4901209AFCB00CF99CA88A9EFBF8FF48704F20805AE909A7250D7759A05CF54
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00444CD0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaNew2.MSVBVM60(00406DD0,00482024,?,?,?,?,?,?,00402FE6), ref: 00444D22
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00410EB8,000000A4,?,?,?,?,?,?,00402FE6), ref: 00444D51
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$CheckHresultNew2
                                      • String ID: /@
                                      • API String ID: 1998677070-2163338593
                                      • Opcode ID: 2f1168277ee8e0e23764293f1af0d774a9650f20abf9e2b05aa913d6efe1352e
                                      • Instruction ID: 4f48d995d76a67b8fbc032bb16b6d3bd352c6b2cf63355dfda87512c0cca0bf6
                                      • Opcode Fuzzy Hash: 2f1168277ee8e0e23764293f1af0d774a9650f20abf9e2b05aa913d6efe1352e
                                      • Instruction Fuzzy Hash: 01111975A40208EFD710DF59CA49F9ABBF8FB49704F10856AF909A7390C7789900CB99
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00409295, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaNew2.MSVBVM60(00406DD0,00482024), ref: 00443D42
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00410EB8,00000088), ref: 00443D69
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$CheckHresultNew2
                                      • String ID: S
                                      • API String ID: 1998677070-543223747
                                      • Opcode ID: f14eca2284f43288cf5c1efd05a2630ced732b356d207ad36ca92da47590c546
                                      • Instruction ID: d17e7f69360ed7f606360b456754bd130f7ebd3f9e815e8870e2405ec259b560
                                      • Opcode Fuzzy Hash: f14eca2284f43288cf5c1efd05a2630ced732b356d207ad36ca92da47590c546
                                      • Instruction Fuzzy Hash: 6B118C75A40204EFD700DF58CA49B9ABBF8FB09B05F10846AF909E7290C778A904CB99
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0040598A, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 51COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaObjSetAddref.MSVBVM60(?), ref: 00468D5B
                                      • __vbaObjSetAddref.MSVBVM60(?), ref: 00468D67
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: Addref__vba
                                      • String ID: X)@
                                      • API String ID: 1488654702-2943645793
                                      • Opcode ID: 37836c166ea1230aa8a4797c812febaf6a07fe6564b6baee7fa83d0d5854eb5e
                                      • Instruction ID: 18f3587eaad0ab9a83d1c62a894eaffa577c7b542bbef587d8e4b2ecc96d0cf8
                                      • Opcode Fuzzy Hash: 37836c166ea1230aa8a4797c812febaf6a07fe6564b6baee7fa83d0d5854eb5e
                                      • Instruction Fuzzy Hash: 6E114575600249EFC710DF59CA84E9AFBF8FF98700F20856AE84593650D774AD45CFA1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00466D50, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 51COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaLateIdSt.MSVBVM60(?,0000000D,?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 00466DB9
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: Late__vba
                                      • String ID: P(@$/@
                                      • API String ID: 2531206574-539821086
                                      • Opcode ID: f2427f5c9e2d32beec454ca8619da4b06bee690d0a0c0e1ae79303f7505378a6
                                      • Instruction ID: 8bc4c4416743d85fbd13efc57ea4db4e814ccb9d053622a131c46d591ffe114c
                                      • Opcode Fuzzy Hash: f2427f5c9e2d32beec454ca8619da4b06bee690d0a0c0e1ae79303f7505378a6
                                      • Instruction Fuzzy Hash: 5311C875A00209EFD704EF58D545B9AFBF8FB48710F10866AF8099B740C774A941CF91
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 004073B9, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 39COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaStrCmp.MSVBVM60(00412C18,?,660E6A9B,00000000,/@), ref: 004511E7
                                      • __vbaVarVargNofree.MSVBVM60(?,660E6A9B,00000000,/@), ref: 0045120A
                                      • __vbaVarTstEq.MSVBVM60(00008008,00000000,?,660E6A9B,00000000,/@), ref: 00451215
                                      • __vbaVarCopy.MSVBVM60(?,660E6A9B,00000000,/@), ref: 0045123B
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$CopyNofreeVarg
                                      • String ID: /@
                                      • API String ID: 4112470069-2163338593
                                      • Opcode ID: 40c81c191af466a431af86c3cca3f19de06386c15305742722cc6ad13cea12fe
                                      • Instruction ID: a24cd938655602a9802dffc1514b02dd7187cc773bc189d8f1dafc20bb64cb14
                                      • Opcode Fuzzy Hash: 40c81c191af466a431af86c3cca3f19de06386c15305742722cc6ad13cea12fe
                                      • Instruction Fuzzy Hash: 0801E970905209AFCB10CFA8CA45B9EBBF4BB48741F60446AB905F7290D7786909CF55
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0044E580, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 39COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,00402FE6), ref: 0044E5C8
                                      • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,00402FE6), ref: 0044E5E8
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$CopyFree
                                      • String ID: \highlight
                                      • API String ID: 1165857907-1865663018
                                      • Opcode ID: 3ab41e046b53ae89e4ff474ebe848fdcdb42dd3c28de7a2ef1fdf82accb8dc33
                                      • Instruction ID: d9e631c183a6baae647eedd07e6ec52fea19d27cb5ae6f769ffb239292ce0172
                                      • Opcode Fuzzy Hash: 3ab41e046b53ae89e4ff474ebe848fdcdb42dd3c28de7a2ef1fdf82accb8dc33
                                      • Instruction Fuzzy Hash: FF01C875C00219EFDB00DF95C9499EEFBB8FF98704F50846AE411A3650D7785906CFA5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00407E65, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 39COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaStrCmp.MSVBVM60(00412C18,?,/@,00000000,660E6A9B), ref: 00461207
                                      • __vbaVarVargNofree.MSVBVM60(?,/@,00000000,660E6A9B), ref: 0046122A
                                      • __vbaVarTstEq.MSVBVM60(00008008,00000000,?,/@,00000000,660E6A9B), ref: 00461235
                                      • __vbaVarCopy.MSVBVM60(?,/@,00000000,660E6A9B), ref: 0046125B
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$CopyNofreeVarg
                                      • String ID: /@
                                      • API String ID: 4112470069-2163338593
                                      • Opcode ID: c20d95753545b82e0ca577ab2053ab73053187ff93042dfb02d3a45e4e6e5ef3
                                      • Instruction ID: 97f5efe47e729239435be4822e215b960e2d301ab5f6236a215c267e1c7e7dc7
                                      • Opcode Fuzzy Hash: c20d95753545b82e0ca577ab2053ab73053187ff93042dfb02d3a45e4e6e5ef3
                                      • Instruction Fuzzy Hash: B00108B0901249EFCB50CFA8CA49B9EBBF4FF48740F64446AA505F7290E7786905CF5A
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0045B420, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,00402FE6), ref: 0045B462
                                      • __vbaFreeStr.MSVBVM60(?,?,?,?,?,00402FE6), ref: 0045B480
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$CopyFree
                                      • String ID: ` @
                                      • API String ID: 1165857907-1422817024
                                      • Opcode ID: 29d6ff4466505cc3ddfca017a386467d0ac3d0f0115ac9e5d3c8d2e06c193296
                                      • Instruction ID: 32d9be2d8b8f5e95ea3238730f818e89813f435aee50120b04f987ca62edec66
                                      • Opcode Fuzzy Hash: 29d6ff4466505cc3ddfca017a386467d0ac3d0f0115ac9e5d3c8d2e06c193296
                                      • Instruction Fuzzy Hash: EF011275800209EFC710DF94CA49EEEBFB8FF44B40F10846AF905A7251D7786A45CB95
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00463430, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,0000001B,00000000), ref: 0046347D
                                      • __vbaVarMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 0046348B
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$CallLateMove
                                      • String ID: (&@
                                      • API String ID: 3597939527-2082278654
                                      • Opcode ID: e10a6af82b37944c984c2e212e3820644773e57a059c05ee505be2b6af00c107
                                      • Instruction ID: e80fad97cf7a172fab8c939133e3ee143968d126e58667dc1bd294c0b611306f
                                      • Opcode Fuzzy Hash: e10a6af82b37944c984c2e212e3820644773e57a059c05ee505be2b6af00c107
                                      • Instruction Fuzzy Hash: A8014B75901248ABC701DF59CA49E9AFBF8FF88700F20805AF505A3250D7B45A048B95
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00462570, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,00000019,00000000), ref: 004625BD
                                      • __vbaVarMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00402FE6), ref: 004625CB
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$CallLateMove
                                      • String ID: (%@
                                      • API String ID: 3597939527-1462787901
                                      • Opcode ID: f6fa128d7c61b35c302e901e0b38a0f294c828fa30be69b23c228576d1c3bfa0
                                      • Instruction ID: 7901784a1ff2634b001cf2b3ec4dcce3e3386de9cd52e168f04254fe182378d6
                                      • Opcode Fuzzy Hash: f6fa128d7c61b35c302e901e0b38a0f294c828fa30be69b23c228576d1c3bfa0
                                      • Instruction Fuzzy Hash: 57014B75901208BFC700DF99CA49EAEFBF8FF98700F20805AF502A3650D7B45A018B95
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00463980, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON
                                      Download Yara Rule
                                      APIs
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,00402FE6), ref: 004639C5
                                      • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,00402FE6), ref: 004639DF
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$CopyFree
                                      • String ID: \ulwave
                                      • API String ID: 1165857907-2238982166
                                      • Opcode ID: d62638190eda464b869cf80a6c688caeae30d38936868e989c05e52db5a5735c
                                      • Instruction ID: 2de4cea30819f7d8fbb734fd143d65990b553b8dda4053560720cca28b28f30e
                                      • Opcode Fuzzy Hash: d62638190eda464b869cf80a6c688caeae30d38936868e989c05e52db5a5735c
                                      • Instruction Fuzzy Hash: 1D01FB7580020AEFCB00DF95C949AAEFBB8FF44740F50856AF511A3290D7B86A4ACF95
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0045B4C0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32COMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$CopyFree
                                      • String ID: /@
                                      • API String ID: 1165857907-2163338593
                                      • Opcode ID: 4ed9a8402963ee5880ba62861731376989fdbc5faa20c74944bc2c9b2306d29b
                                      • Instruction ID: dbf17561dd7c5d3f0a0b729f933bfd34fd0502431d89d3059f17531ee0f4fca4
                                      • Opcode Fuzzy Hash: 4ed9a8402963ee5880ba62861731376989fdbc5faa20c74944bc2c9b2306d29b
                                      • Instruction Fuzzy Hash: 12F09675400209FFCB00DF94CA49FEEBB78FB44B05F208029F905A7290E7786A09CBA5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 004644D0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32COMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.280939316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.280934396.0000000000400000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281002165.0000000000482000.00000004.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.281008818.0000000000487000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID: __vba$CopyFree
                                      • String ID: /@
                                      • API String ID: 1165857907-2163338593
                                      • Opcode ID: 76c6295ec1d52406454fa3d127fe1c97989c816d802b6761552d673176ba4b16
                                      • Instruction ID: 04efd17de6ccb1cfa1c41fb27cbb8293d5e91558d9e4d72f374a4c79304fb901
                                      • Opcode Fuzzy Hash: 76c6295ec1d52406454fa3d127fe1c97989c816d802b6761552d673176ba4b16
                                      • Instruction Fuzzy Hash: 06F01875500209EFCB00DF94CA49FEE7B78FF94B05F108069F90567590E7746A45CBA6
                                      Uniqueness

                                      Uniqueness Score: -1.00%