Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
FINAL_PDF.exe

Overview

General Information

Sample name:FINAL_PDF.exe
Analysis ID:1574682
MD5:290905106503753d8bd791403e04fb04
SHA1:a9ba718e1742482506325c18b3559f2282528343
SHA256:32e950b63131f1aaf640047618a1ac8e380131c01d5a1a823dce9711308272e3
Tags:exeuser-lontze7
Infos:

Detection

Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
.NET source code contains very large array initializations
AI detected suspicious sample
Detected potential unwanted application
Hides that the sample has been downloaded from the Internet (zone.identifier)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for sample
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to launch a process as a different user
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE / OLE file has an invalid certificate
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Searches for user specific document files
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • FINAL_PDF.exe (PID: 7456 cmdline: "C:\Users\user\Desktop\FINAL_PDF.exe" MD5: 290905106503753D8BD791403E04FB04)
    • Acrobat.exe (PID: 332 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Documents\OUCH_SOKHENG.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
      • AcroCEF.exe (PID: 1868 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
        • AcroCEF.exe (PID: 4332 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2256 --field-trial-handle=1532,i,969239553884294020,9147732095431164971,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
    • FINAL_PDF.exe (PID: 1272 cmdline: "C:\Users\user\Desktop\FINAL_PDF.exe" MD5: 290905106503753D8BD791403E04FB04)
    • FINAL_PDF.exe (PID: 3136 cmdline: "C:\Users\user\Desktop\FINAL_PDF.exe" MD5: 290905106503753D8BD791403E04FB04)
    • FINAL_PDF.exe (PID: 4656 cmdline: "C:\Users\user\Desktop\FINAL_PDF.exe" MD5: 290905106503753D8BD791403E04FB04)
    • FINAL_PDF.exe (PID: 2672 cmdline: "C:\Users\user\Desktop\FINAL_PDF.exe" MD5: 290905106503753D8BD791403E04FB04)
    • FINAL_PDF.exe (PID: 1136 cmdline: "C:\Users\user\Desktop\FINAL_PDF.exe" MD5: 290905106503753D8BD791403E04FB04)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
Process Memory Space: FINAL_PDF.exe PID: 7456JoeSecurity_AntiVM_3Yara detected AntiVM_3Joe Security

    Sigma Signatures

    No Sigma rule has matched

    Suricata Signatures

    No Suricata rule has matched

    Joe Sandbox Signatures

    Click to jump to signature section

    Show All Signature Results

    AV Detection

    barindex
    Antivirus / Scanner detection for submitted sample
    Source: FINAL_PDF.exeAvira: detected
    Multi AV Scanner detection for submitted file
    Source: FINAL_PDF.exeReversingLabs: Detection: 18%
    AI detected suspicious sample
    Source: Submited SampleIntegrated Neural Analysis Model: Matched 95.7% probability
    Machine Learning detection for sample
    Source: FINAL_PDF.exeJoe Sandbox ML: detected
    Source: unknownHTTPS traffic detected: 91.134.10.168:443 -> 192.168.2.10:49707 version: TLS 1.2
    Source: FINAL_PDF.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
    Source: global trafficHTTP traffic detected: GET /4VpfCKs/pilotxprograms-Final.jpg HTTP/1.1Host: i.ibb.coConnection: Keep-Alive
    Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global trafficHTTP traffic detected: GET /4VpfCKs/pilotxprograms-Final.jpg HTTP/1.1Host: i.ibb.coConnection: Keep-Alive
    Source: global trafficDNS traffic detected: DNS query: i.ibb.co
    Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
    Source: FINAL_PDF.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
    Source: FINAL_PDF.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
    Source: FINAL_PDF.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
    Source: FINAL_PDF.exeString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
    Source: FINAL_PDF.exeString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
    Source: FINAL_PDF.exeString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
    Source: FINAL_PDF.exeString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
    Source: FINAL_PDF.exeString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
    Source: FINAL_PDF.exeString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
    Source: FINAL_PDF.exeString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
    Source: FINAL_PDF.exeString found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
    Source: FINAL_PDF.exeString found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
    Source: 77EC63BDA74BD0D0E0426DC8F80085060.6.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
    Source: FINAL_PDF.exeString found in binary or memory: http://ocsp.comodoca.com0
    Source: FINAL_PDF.exeString found in binary or memory: http://ocsp.digicert.com0A
    Source: FINAL_PDF.exeString found in binary or memory: http://ocsp.digicert.com0C
    Source: FINAL_PDF.exeString found in binary or memory: http://ocsp.digicert.com0X
    Source: FINAL_PDF.exeString found in binary or memory: http://ocsp.sectigo.com0
    Source: FINAL_PDF.exe, 00000000.00000002.1868998295.0000000002711000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
    Source: 2D85F72862B55C4EADD9E66E06947F3D.6.drString found in binary or memory: http://x1.i.lencr.org/
    Source: FINAL_PDF.exe, 00000000.00000002.1868998295.0000000002711000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://i.ibb.co
    Source: FINAL_PDF.exe, 00000000.00000002.1868998295.0000000002711000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://i.ibb.co/4VpfCKs/pilotxprograms-Final.jpg
    Source: FINAL_PDF.exeString found in binary or memory: https://sectigo.com/CPS0
    Source: ReaderMessages.4.drString found in binary or memory: https://www.adobe.co
    Source: FINAL_PDF.exe, 00000000.00000002.1907964834.000000000A270000.00000004.08000000.00040000.00000000.sdmp, FINAL_PDF.exe, 00000000.00000002.1901674209.0000000007BD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.anon.com/frit/asfta.dara
    Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
    Source: unknownHTTPS traffic detected: 91.134.10.168:443 -> 192.168.2.10:49707 version: TLS 1.2

    System Summary

    barindex
    .NET source code contains very large array initializations
    Source: 0.2.FINAL_PDF.exe.42a7c02.1.raw.unpack, OperationalSorter.csLarge array initialization: SortDetachedSorter: array initializer size 543264
    Source: 0.2.FINAL_PDF.exe.3fe9fe2.0.raw.unpack, OperationalSorter.csLarge array initialization: SortDetachedSorter: array initializer size 543264
    Detected potential unwanted application
    Source: FINAL_PDF.exePE Siganture Subject Chain: CN=Tim Kosse, O=Tim Kosse, S=Nordrhein-Westfalen, C=DE
    Initial sample is a PE file and has a suspicious name
    Source: initial sampleStatic PE information: Filename: FINAL_PDF.exe
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_05FE4C88 CreateProcessAsUserW,0_2_05FE4C88
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_0256A6D90_2_0256A6D9
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_02568A700_2_02568A70
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_02564D5B0_2_02564D5B
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_025673980_2_02567398
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_0256E5B80_2_0256E5B8
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_0471A2C40_2_0471A2C4
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_047184640_2_04718464
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_0471A3210_2_0471A321
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_0471ACC80_2_0471ACC8
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_0471ACB80_2_0471ACB8
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_0471C8710_2_0471C871
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_0477EA800_2_0477EA80
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_05E93D600_2_05E93D60
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_05E9CF780_2_05E9CF78
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_05E998A00_2_05E998A0
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_05E97B0B0_2_05E97B0B
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_05E987220_2_05E98722
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_05E9AE180_2_05E9AE18
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_05E9F1F00_2_05E9F1F0
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_05E900400_2_05E90040
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_05E960430_2_05E96043
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_05E960500_2_05E96050
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_05E9001F0_2_05E9001F
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_05E943A00_2_05E943A0
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_05E9438D0_2_05E9438D
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_05E9DAD80_2_05E9DAD8
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_05F698E80_2_05F698E8
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_05F658830_2_05F65883
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_05F600400_2_05F60040
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_05F650000_2_05F65000
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_05F633280_2_05F63328
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_05F6EAC00_2_05F6EAC0
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_05F662900_2_05F66290
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_05F6DCB80_2_05F6DCB8
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_05F680900_2_05F68090
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_05F680800_2_05F68080
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_05F694500_2_05F69450
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_05F694400_2_05F69440
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_05F600170_2_05F60017
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_05F68BF80_2_05F68BF8
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_05F68BE80_2_05F68BE8
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_05F643C70_2_05F643C7
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_05F6A3A00_2_05F6A3A0
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_05F64F480_2_05F64F48
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_05F64EE70_2_05F64EE7
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_05F696E00_2_05F696E0
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_05F696D00_2_05F696D0
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_05F6CEB80_2_05F6CEB8
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_05F6E2B80_2_05F6E2B8
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_05F692480_2_05F69248
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_05F692380_2_05F69238
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_05FE1D200_2_05FE1D20
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_05FE54CB0_2_05FE54CB
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_05FE31500_2_05FE3150
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_05FE00400_2_05FE0040
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_05FEBB300_2_05FEBB30
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_05FE52200_2_05FE5220
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_05FE1D100_2_05FE1D10
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_05FE34680_2_05FE3468
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_05FE04620_2_05FE0462
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_05FE34580_2_05FE3458
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_05FE040B0_2_05FE040B
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_05FE29A00_2_05FE29A0
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_05FE80980_2_05FE8098
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_05FE80880_2_05FE8088
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_05FE00070_2_05FE0007
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_05FE3B200_2_05FE3B20
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_05FE5AC30_2_05FE5AC3
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_05FEAA580_2_05FEAA58
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_05FE521B0_2_05FE521B
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_06337F110_2_06337F11
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_063300060_2_06330006
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_0634E8780_2_0634E878
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_063300400_2_06330040
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_063402830_2_06340283
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_06333EF30_2_06333EF3
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_0633C2E50_2_0633C2E5
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_063441630_2_06344163
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_0634EB400_2_0634EB40
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_0634D5E00_2_0634D5E0
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_0639E6200_2_0639E620
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_0639A1780_2_0639A178
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_0639B82B0_2_0639B82B
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_0639E6110_2_0639E611
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_063800070_2_06380007
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_06394E4E0_2_06394E4E
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_063800400_2_06380040
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_0639D6400_2_0639D640
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_0639BEA40_2_0639BEA4
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_0638FC9C0_2_0638FC9C
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_0639B8940_2_0639B894
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_063976FA0_2_063976FA
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_0638AAF20_2_0638AAF2
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_0639A13F0_2_0639A13F
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_0639A1250_2_0639A125
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_0639A1720_2_0639A172
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_063925750_2_06392575
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_0639A14B0_2_0639A14B
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_0639CBA80_2_0639CBA8
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_0639CB990_2_0639CB99
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_06387FE80_2_06387FE8
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_0639EDEF0_2_0639EDEF
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_0638D3C30_2_0638D3C3
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_064AE9680_2_064AE968
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_064900400_2_06490040
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_064900060_2_06490006
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_064A86300_2_064A8630
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_07B723100_2_07B72310
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_07B768910_2_07B76891
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_07B76EF00_2_07B76EF0
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_08F5F0980_2_08F5F098
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_08F540740_2_08F54074
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_08F500400_2_08F50040
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_08F5164C0_2_08F5164C
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_08F51A380_2_08F51A38
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_08F51E200_2_08F51E20
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_08F5D3F00_2_08F5D3F0
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_08F54BC80_2_08F54BC8
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_08F52BB00_2_08F52BB0
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_08F54F580_2_08F54F58
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_08F520C00_2_08F520C0
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_08F546C00_2_08F546C0
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_08F5C8C80_2_08F5C8C8
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_08F520B00_2_08F520B0
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_08F5C8B80_2_08F5C8B8
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_08F56E980_2_08F56E98
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_08F5B2810_2_08F5B281
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_08F56E890_2_08F56E89
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_08F53E790_2_08F53E79
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_08F562780_2_08F56278
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_08F5F0780_2_08F5F078
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_08F562680_2_08F56268
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_08F516580_2_08F51658
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_08F5B6300_2_08F5B630
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_08F5E6200_2_08F5E620
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_08F576200_2_08F57620
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_08F5B6200_2_08F5B620
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_08F51A280_2_08F51A28
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_08F510110_2_08F51011
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_08F5C2180_2_08F5C218
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_08F500060_2_08F50006
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_08F542000_2_08F54200
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_08F576000_2_08F57600
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_08F5B9F00_2_08F5B9F0
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_08F5B9E10_2_08F5B9E1
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_08F5D3C70_2_08F5D3C7
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_08F5CDB00_2_08F5CDB0
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_08F50FBC0_2_08F50FBC
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_08F523A00_2_08F523A0
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_08F547AC0_2_08F547AC
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_08F5CDAA0_2_08F5CDAA
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_08F599700_2_08F59970
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_08F5757F0_2_08F5757F
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_08F54B520_2_08F54B52
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_08F5C15A0_2_08F5C15A
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_08F585400_2_08F58540
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_08F54D310_2_08F54D31
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_08F595300_2_08F59530
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_08F5C3280_2_08F5C328
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_08F595140_2_08F59514
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_08F5C3180_2_08F5C318
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_08F5850E0_2_08F5850E
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_0A6E29600_2_0A6E2960
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_0A6EF4480_2_0A6EF448
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_0A6E5B680_2_0A6E5B68
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_0A6E5B880_2_0A6E5B88
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_0A6E00400_2_0A6E0040
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_0A6E00220_2_0A6E0022
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_0A6E10800_2_0A6E1080
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_0A6E11C80_2_0A6E11C8
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_0A6E16000_2_0A6E1600
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_0A6E46F00_2_0A6E46F0
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_0A6E47000_2_0A6E4700
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_0A6EF4390_2_0A6EF439
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_0A6E15F40_2_0A6E15F4
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_0AC7C9A00_2_0AC7C9A0
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_0AC7ECE80_2_0AC7ECE8
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_0AC700400_2_0AC70040
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_0AC700270_2_0AC70027
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_0AC747480_2_0AC74748
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_0AC747380_2_0AC74738
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_0ACD30180_2_0ACD3018
    Source: FINAL_PDF.exeStatic PE information: invalid certificate
    Source: FINAL_PDF.exe, 00000000.00000002.1868998295.0000000002841000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSxxsjoxa.exe" vs FINAL_PDF.exe
    Source: FINAL_PDF.exe, 00000000.00000002.1907964834.000000000A270000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameAimtars.dll0 vs FINAL_PDF.exe
    Source: FINAL_PDF.exe, 00000000.00000002.1868400470.0000000000A8E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs FINAL_PDF.exe
    Source: FINAL_PDF.exe, 00000000.00000002.1891205330.0000000005DB0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameRP8PV.dll, vs FINAL_PDF.exe
    Source: FINAL_PDF.exe, 00000000.00000002.1901674209.0000000007BD1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameAimtars.dll0 vs FINAL_PDF.exe
    Source: 0.2.FINAL_PDF.exe.42a7c02.1.raw.unpack, OperationalSorter.csCryptographic APIs: 'CreateDecryptor'
    Source: 0.2.FINAL_PDF.exe.42a7c02.1.raw.unpack, VirtualEvent.csCryptographic APIs: 'CreateDecryptor'
    Source: 0.2.FINAL_PDF.exe.42a7c02.1.raw.unpack, VirtualEvent.csCryptographic APIs: 'CreateDecryptor'
    Source: 0.2.FINAL_PDF.exe.3fe9fe2.0.raw.unpack, OperationalSorter.csCryptographic APIs: 'CreateDecryptor'
    Source: 0.2.FINAL_PDF.exe.3fe9fe2.0.raw.unpack, VirtualEvent.csCryptographic APIs: 'CreateDecryptor'
    Source: 0.2.FINAL_PDF.exe.3fe9fe2.0.raw.unpack, VirtualEvent.csCryptographic APIs: 'CreateDecryptor'
    Source: classification engineClassification label: mal100.evad.winEXE@33/58@5/1
    Source: C:\Users\user\Desktop\FINAL_PDF.exeFile created: C:\Users\user\Documents\OUCH_SOKHENG.pdfJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeMutant created: NULL
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-12-13 07-40-54-834.logJump to behavior
    Source: FINAL_PDF.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: FINAL_PDF.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
    Source: C:\Users\user\Desktop\FINAL_PDF.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
    Source: FINAL_PDF.exeReversingLabs: Detection: 18%
    Source: FINAL_PDF.exeString found in binary or memory: Vehicle_{0}/Added {0} to the queue.3Managing vehicle queue...?Waiting for the green signal...eAll vehicles have passed through the intersection.uMorning rush hour detected. Extended green light duration.uEvening rush hour detected. Extended green light duration.aOff-peak hours detected. Normal timings applied.
    Source: unknownProcess created: C:\Users\user\Desktop\FINAL_PDF.exe "C:\Users\user\Desktop\FINAL_PDF.exe"
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Documents\OUCH_SOKHENG.pdf"
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess created: C:\Users\user\Desktop\FINAL_PDF.exe "C:\Users\user\Desktop\FINAL_PDF.exe"
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess created: C:\Users\user\Desktop\FINAL_PDF.exe "C:\Users\user\Desktop\FINAL_PDF.exe"
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2256 --field-trial-handle=1532,i,969239553884294020,9147732095431164971,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess created: C:\Users\user\Desktop\FINAL_PDF.exe "C:\Users\user\Desktop\FINAL_PDF.exe"
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess created: C:\Users\user\Desktop\FINAL_PDF.exe "C:\Users\user\Desktop\FINAL_PDF.exe"
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess created: C:\Users\user\Desktop\FINAL_PDF.exe "C:\Users\user\Desktop\FINAL_PDF.exe"
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Documents\OUCH_SOKHENG.pdf"Jump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess created: C:\Users\user\Desktop\FINAL_PDF.exe "C:\Users\user\Desktop\FINAL_PDF.exe"Jump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess created: C:\Users\user\Desktop\FINAL_PDF.exe "C:\Users\user\Desktop\FINAL_PDF.exe"Jump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess created: C:\Users\user\Desktop\FINAL_PDF.exe "C:\Users\user\Desktop\FINAL_PDF.exe"Jump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess created: C:\Users\user\Desktop\FINAL_PDF.exe "C:\Users\user\Desktop\FINAL_PDF.exe"Jump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess created: C:\Users\user\Desktop\FINAL_PDF.exe "C:\Users\user\Desktop\FINAL_PDF.exe"Jump to behavior
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2256 --field-trial-handle=1532,i,969239553884294020,9147732095431164971,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeSection loaded: mscoree.dllJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeSection loaded: version.dllJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeSection loaded: uxtheme.dllJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeSection loaded: windows.storage.dllJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeSection loaded: wldp.dllJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeSection loaded: cryptsp.dllJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeSection loaded: rsaenh.dllJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeSection loaded: dhcpcsvc6.dllJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeSection loaded: dhcpcsvc.dllJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeSection loaded: winnsi.dllJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeSection loaded: rasapi32.dllJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeSection loaded: rasman.dllJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeSection loaded: rtutils.dllJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeSection loaded: winhttp.dllJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeSection loaded: rasadhlp.dllJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeSection loaded: secur32.dllJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeSection loaded: schannel.dllJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeSection loaded: mskeyprotect.dllJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeSection loaded: ntasn1.dllJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeSection loaded: ncrypt.dllJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeSection loaded: ncryptsslp.dllJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeSection loaded: gpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeSection loaded: dwrite.dllJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeSection loaded: amsi.dllJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeSection loaded: windowscodecs.dllJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeSection loaded: propsys.dllJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeSection loaded: edputil.dllJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeSection loaded: urlmon.dllJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeSection loaded: iertutil.dllJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeSection loaded: srvcli.dllJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeSection loaded: windows.staterepositoryps.dllJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeSection loaded: wintypes.dllJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeSection loaded: policymanager.dllJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeSection loaded: msvcp110_win.dllJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeSection loaded: appresolver.dllJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeSection loaded: bcp47langs.dllJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeSection loaded: slc.dllJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeSection loaded: sppc.dllJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeSection loaded: onecorecommonproxystub.dllJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
    Source: Window RecorderWindow detected: More than 3 window changes detected
    Source: C:\Users\user\Desktop\FINAL_PDF.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
    Source: FINAL_PDF.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
    Source: FINAL_PDF.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
    Source: FINAL_PDF.exeStatic file information: File size 1671240 > 1048576
    Source: FINAL_PDF.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x188400
    Source: FINAL_PDF.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

    Data Obfuscation

    barindex
    .NET source code contains method to dynamically call methods (often used by packers)
    Source: FINAL_PDF.exe, d0.cs.Net Code: NewLateBinding.LateCall(NewLateBinding.LateIndexGet(NewLateBinding.LateGet(obj4, (Type)null, "GetMethods", new object[0], (string[])null, (Type[])null, (bool[])null), new object[1] { 0 }, (string[])null), (Type)null, "Invoke", new object[2]{null,new object[0]}, (string[])null, (Type[])null, (bool[])null, true)
    Source: 0.2.FINAL_PDF.exe.42a7c02.1.raw.unpack, VirtualEvent.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
    Source: 0.2.FINAL_PDF.exe.3fe9fe2.0.raw.unpack, VirtualEvent.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
    .NET source code contains potential unpacker
    Source: 0.2.FINAL_PDF.exe.42a7c02.1.raw.unpack, OperationalSorter.cs.Net Code: SortAutomatedSorter System.Reflection.Assembly.Load(byte[])
    Source: 0.2.FINAL_PDF.exe.3fe9fe2.0.raw.unpack, OperationalSorter.cs.Net Code: SortAutomatedSorter System.Reflection.Assembly.Load(byte[])
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_05E91E3C push ecx; retf 0_2_05E91E40
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_06349692 push eax; iretd 0_2_06349693
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_06348F36 push esi; retf 0_2_06348F47
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_06349700 pushad ; iretd 0_2_06349701
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_06337F05 push ebp; ret 0_2_06337F06
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_0634977D push ss; ret 0_2_06349787
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_0639CABB push es; retf 0_2_0639CABC
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_0639C8DF push es; iretd 0_2_0639C8E0
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_06387B71 push cs; iretd 0_2_06387B72
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_0639C9C7 push es; iretd 0_2_0639C9D8
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_06492684 push ss; retf 0_2_06492687
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_07B7A3D1 push ss; ret 0_2_07B7A3D4
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_07B79E3F push edi; iretd 0_2_07B79E4A
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_07B75A6F push esp; ret 0_2_07B75A70
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_07B78987 push 06BAEEA2h; ret 0_2_07B7898C
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_07B75989 push ss; retf 0_2_07B75998
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_07B7A004 push ds; iretd 0_2_07B7A008
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_08F5F045 push eax; iretd 0_2_08F5F04A
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_0A6ECA70 push esp; iretd 0_2_0A6ECA71
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_0A6ECB4A pushfd ; iretd 0_2_0A6ECB51
    Source: C:\Users\user\Desktop\FINAL_PDF.exeCode function: 0_2_0A6EABE0 pushfd ; ret 0_2_0A6EABE9
    Source: FINAL_PDF.exe, Sy.csHigh entropy of concatenated method names: 'Hb', 'MoveNext', 'r1', 'SetStateMachine', 'q7', 'MoveNext', 'c5', 'SetStateMachine', 'k4', 'Mi'

    Hooking and other Techniques for Hiding and Protection

    barindex
    Icon mismatch, binary includes an icon from a different legit application in order to fool users
    Source: initial sampleIcon embedded in binary file: icon matches a legit application icon: download (98).png
    Hides that the sample has been downloaded from the Internet (zone.identifier)
    Source: C:\Users\user\Desktop\FINAL_PDF.exeFile opened: C:\Users\user\Desktop\FINAL_PDF.exe\:Zone.Identifier read attributes | deleteJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX

    Malware Analysis System Evasion

    barindex
    Yara detected AntiVM3
    Source: Yara matchFile source: Process Memory Space: FINAL_PDF.exe PID: 7456, type: MEMORYSTR
    Source: C:\Users\user\Desktop\FINAL_PDF.exeMemory allocated: 2560000 memory reserve | memory write watchJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeMemory allocated: 2710000 memory reserve | memory write watchJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeMemory allocated: 4710000 memory reserve | memory write watchJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeMemory allocated: 6A50000 memory reserve | memory write watchJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeMemory allocated: 7A50000 memory reserve | memory write watchJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeMemory allocated: 7BD0000 memory reserve | memory write watchJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeMemory allocated: 8BD0000 memory reserve | memory write watchJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeMemory allocated: AC50000 memory reserve | memory write watchJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeMemory allocated: BC50000 memory reserve | memory write watchJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeThread delayed: delay time: 922337203685477Jump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeWindow / User API: threadDelayed 1963Jump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeWindow / User API: threadDelayed 7826Jump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exe TID: 7700Thread sleep time: -29514790517935264s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exe TID: 7700Thread sleep time: -100000s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exe TID: 7700Thread sleep time: -99875s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exe TID: 7700Thread sleep time: -99766s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exe TID: 7700Thread sleep time: -99641s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exe TID: 7700Thread sleep time: -99516s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exe TID: 7700Thread sleep time: -99406s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exe TID: 7700Thread sleep time: -99297s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exe TID: 7700Thread sleep time: -99188s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exe TID: 7700Thread sleep time: -99063s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exe TID: 7700Thread sleep time: -98888s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exe TID: 7700Thread sleep time: -98579s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exe TID: 7700Thread sleep time: -98453s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exe TID: 7700Thread sleep time: -98341s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exe TID: 7700Thread sleep time: -98235s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exe TID: 7700Thread sleep time: -98125s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exe TID: 7700Thread sleep time: -98016s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exe TID: 7700Thread sleep time: -97891s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exe TID: 7700Thread sleep time: -97782s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exe TID: 7700Thread sleep time: -97657s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exe TID: 7700Thread sleep time: -97547s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exe TID: 7700Thread sleep time: -97438s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exe TID: 7700Thread sleep time: -97313s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exe TID: 7700Thread sleep time: -97188s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exe TID: 7700Thread sleep time: -97063s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exe TID: 7700Thread sleep time: -96938s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exe TID: 7700Thread sleep time: -96828s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exe TID: 7700Thread sleep time: -96719s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exe TID: 7700Thread sleep time: -96594s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exe TID: 7700Thread sleep time: -96485s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exe TID: 7700Thread sleep time: -96360s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exe TID: 7700Thread sleep time: -96244s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exe TID: 7700Thread sleep time: -96095s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exe TID: 7700Thread sleep time: -95954s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exe TID: 7700Thread sleep time: -95750s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exe TID: 7700Thread sleep time: -95629s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exe TID: 7700Thread sleep time: -95500s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exe TID: 7700Thread sleep time: -95391s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exe TID: 7700Thread sleep time: -95281s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exe TID: 7700Thread sleep time: -95172s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exe TID: 7700Thread sleep time: -95063s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exe TID: 7700Thread sleep time: -94938s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exe TID: 7700Thread sleep time: -94829s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exe TID: 7700Thread sleep time: -94704s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exe TID: 7700Thread sleep time: -94579s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exe TID: 7700Thread sleep time: -94454s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exe TID: 7700Thread sleep time: -94329s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exe TID: 7700Thread sleep time: -94204s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exe TID: 7700Thread sleep time: -94079s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exe TID: 7700Thread sleep time: -93954s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeThread delayed: delay time: 922337203685477Jump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeThread delayed: delay time: 100000Jump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeThread delayed: delay time: 99875Jump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeThread delayed: delay time: 99766Jump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeThread delayed: delay time: 99641Jump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeThread delayed: delay time: 99516Jump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeThread delayed: delay time: 99406Jump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeThread delayed: delay time: 99297Jump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeThread delayed: delay time: 99188Jump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeThread delayed: delay time: 99063Jump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeThread delayed: delay time: 98888Jump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeThread delayed: delay time: 98579Jump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeThread delayed: delay time: 98453Jump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeThread delayed: delay time: 98341Jump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeThread delayed: delay time: 98235Jump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeThread delayed: delay time: 98125Jump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeThread delayed: delay time: 98016Jump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeThread delayed: delay time: 97891Jump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeThread delayed: delay time: 97782Jump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeThread delayed: delay time: 97657Jump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeThread delayed: delay time: 97547Jump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeThread delayed: delay time: 97438Jump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeThread delayed: delay time: 97313Jump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeThread delayed: delay time: 97188Jump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeThread delayed: delay time: 97063Jump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeThread delayed: delay time: 96938Jump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeThread delayed: delay time: 96828Jump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeThread delayed: delay time: 96719Jump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeThread delayed: delay time: 96594Jump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeThread delayed: delay time: 96485Jump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeThread delayed: delay time: 96360Jump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeThread delayed: delay time: 96244Jump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeThread delayed: delay time: 96095Jump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeThread delayed: delay time: 95954Jump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeThread delayed: delay time: 95750Jump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeThread delayed: delay time: 95629Jump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeThread delayed: delay time: 95500Jump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeThread delayed: delay time: 95391Jump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeThread delayed: delay time: 95281Jump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeThread delayed: delay time: 95172Jump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeThread delayed: delay time: 95063Jump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeThread delayed: delay time: 94938Jump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeThread delayed: delay time: 94829Jump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeThread delayed: delay time: 94704Jump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeThread delayed: delay time: 94579Jump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeThread delayed: delay time: 94454Jump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeThread delayed: delay time: 94329Jump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeThread delayed: delay time: 94204Jump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeThread delayed: delay time: 94079Jump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeThread delayed: delay time: 93954Jump to behavior
    Source: FINAL_PDF.exe, 00000000.00000002.1901674209.0000000007BD1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware
    Source: FINAL_PDF.exe, 00000000.00000002.1901674209.0000000007BD1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmware svga
    Source: FINAL_PDF.exe, 00000000.00000002.1868460471.0000000000AC1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
    Source: FINAL_PDF.exe, 00000000.00000002.1901674209.0000000007BD1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmware
    Source: FINAL_PDF.exe, 00000000.00000002.1907964834.000000000A270000.00000004.08000000.00040000.00000000.sdmp, FINAL_PDF.exe, 00000000.00000002.1901674209.0000000007BD1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 18292495#Microsoft Hyper-V
    Source: FINAL_PDF.exe, 00000000.00000002.1907964834.000000000A270000.00000004.08000000.00040000.00000000.sdmp, FINAL_PDF.exe, 00000000.00000002.1901674209.0000000007BD1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 1234093728qemu
    Source: FINAL_PDF.exe, 00000000.00000002.1907964834.000000000A270000.00000004.08000000.00040000.00000000.sdmp, FINAL_PDF.exe, 00000000.00000002.1901674209.0000000007BD1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmusrvc
    Source: FINAL_PDF.exe, 00000000.00000002.1907964834.000000000A270000.00000004.08000000.00040000.00000000.sdmp, FINAL_PDF.exe, 00000000.00000002.1901674209.0000000007BD1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VirtualMachineDetector
    Source: FINAL_PDF.exe, 00000000.00000002.1901674209.0000000007BD1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmsrvc
    Source: FINAL_PDF.exe, 00000000.00000002.1901674209.0000000007BD1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmtools
    Source: FINAL_PDF.exe, 00000000.00000002.1901674209.0000000007BD1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmware sata5vmware usb pointing device-vmware vmci bus deviceCvmware virtual s scsi disk device
    Source: FINAL_PDF.exe, 00000000.00000002.1901674209.0000000007BD1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vboxservicevbox)Microsoft Virtual PC
    Source: FINAL_PDF.exe, 00000000.00000002.1907964834.000000000A270000.00000004.08000000.00040000.00000000.sdmp, FINAL_PDF.exe, 00000000.00000002.1901674209.0000000007BD1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 1474865605QEMU
    Source: FINAL_PDF.exe, 00000000.00000002.1901674209.0000000007BD1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 77930674-vmware pointing device
    Source: FINAL_PDF.exe, 00000000.00000002.1868460471.0000000000B2A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
    Source: FINAL_PDF.exe, 00000000.00000002.1907964834.000000000A270000.00000004.08000000.00040000.00000000.sdmp, FINAL_PDF.exe, 00000000.00000002.1901674209.0000000007BD1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VirtualMachine
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess information queried: ProcessInformationJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess token adjusted: DebugJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeMemory allocated: page read and write | page guardJump to behavior

    HIPS / PFW / Operating System Protection Evasion

    barindex
    Injects a PE file into a foreign processes
    Source: C:\Users\user\Desktop\FINAL_PDF.exeMemory written: C:\Users\user\Desktop\FINAL_PDF.exe base: F40000 value starts with: 4D5AJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeMemory written: C:\Users\user\Desktop\FINAL_PDF.exe base: 13A0000 value starts with: 4D5AJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeMemory written: C:\Users\user\Desktop\FINAL_PDF.exe base: 810000 value starts with: 4D5AJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeMemory written: C:\Users\user\Desktop\FINAL_PDF.exe base: 1300000 value starts with: 4D5AJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeMemory written: C:\Users\user\Desktop\FINAL_PDF.exe base: 800000 value starts with: 4D5AJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Documents\OUCH_SOKHENG.pdf"Jump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess created: C:\Users\user\Desktop\FINAL_PDF.exe "C:\Users\user\Desktop\FINAL_PDF.exe"Jump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess created: C:\Users\user\Desktop\FINAL_PDF.exe "C:\Users\user\Desktop\FINAL_PDF.exe"Jump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess created: C:\Users\user\Desktop\FINAL_PDF.exe "C:\Users\user\Desktop\FINAL_PDF.exe"Jump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess created: C:\Users\user\Desktop\FINAL_PDF.exe "C:\Users\user\Desktop\FINAL_PDF.exe"Jump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeProcess created: C:\Users\user\Desktop\FINAL_PDF.exe "C:\Users\user\Desktop\FINAL_PDF.exe"Jump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeQueries volume information: C:\Users\user\Desktop\FINAL_PDF.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
    Source: C:\Users\user\Desktop\FINAL_PDF.exeDirectory queried: C:\Users\user\DocumentsJump to behavior

    Mitre Att&ck Matrix

    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity InformationAcquire Infrastructure1
    Valid Accounts    		2
    Command and Scripting Interpreter    		1
    Valid Accounts    		1
    Valid Accounts    		11
    Masquerading    		OS Credential Dumping1
    Query Registry    		Remote Services11
    Archive Collected Data    		11
    Encrypted Channel    		Exfiltration Over Other Network MediumAbuse Accessibility Features
    CredentialsDomainsDefault AccountsScheduled Task/Job1
    DLL Side-Loading    		1
    Access Token Manipulation    		1
    Valid Accounts    		LSASS Memory1
    Security Software Discovery    		Remote Desktop Protocol1
    Data from Local System    		1
    Ingress Tool Transfer    		Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)111
    Process Injection    		1
    Access Token Manipulation    		Security Account Manager1
    Process Discovery    		SMB/Windows Admin SharesData from Network Shared Drive2
    Non-Application Layer Protocol    		Automated ExfiltrationData Encrypted for Impact
    Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook1
    DLL Side-Loading    		1
    Disable or Modify Tools    		NTDS31
    Virtualization/Sandbox Evasion    		Distributed Component Object ModelInput Capture3
    Application Layer Protocol    		Traffic DuplicationData Destruction
    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script31
    Virtualization/Sandbox Evasion    		LSA Secrets1
    Application Window Discovery    		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts111
    Process Injection    		Cached Domain Credentials11
    File and Directory Discovery    		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
    DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
    Deobfuscate/Decode Files or Information    		DCSync12
    System Information Discovery    		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
    Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
    Hidden Files and Directories    		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
    Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
    Obfuscated Files or Information    		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
    IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron2
    Software Packing    		Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
    Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchd1
    DLL Side-Loading    		Input CaptureSystem Network Connections DiscoverySoftware Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Is Windows Process
    • Number of created Registry Values
    • Number of created Files
    • Visual Basic
    • Delphi
    • Java
    • .Net C# or VB.NET
    • C, C++ or other language
    • Is malicious
    • Internet

    Screenshots

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


    windows-stand

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    FINAL_PDF.exe18%ReversingLabsByteCode-MSIL.Trojan.Pretoria
    FINAL_PDF.exe100%AviraHEUR/AGEN.1304624
    FINAL_PDF.exe100%Joe Sandbox ML

    Dropped Files

    No Antivirus matches

    Unpacked PE Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    SourceDetectionScannerLabelLink
    https://www.anon.com/frit/asfta.dara0%Avira URL Cloudsafe

    Domains and IPs

    Contacted Domains

    NameIPActiveMaliciousAntivirus DetectionReputation
    bg.microsoft.map.fastly.net
    		199.232.214.172
    		truefalse
      		high
      i.ibb.co
      		91.134.10.168
      		truefalse
        		high
        x1.i.lencr.org
        		unknown
        		unknownfalse
          		high

          URLs from Memory and Binaries

          NameSourceMaliciousAntivirus DetectionReputation
          http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#FINAL_PDF.exefalse
            		high
            https://www.anon.com/frit/asfta.daraFINAL_PDF.exe, 00000000.00000002.1907964834.000000000A270000.00000004.08000000.00040000.00000000.sdmp, FINAL_PDF.exe, 00000000.00000002.1901674209.0000000007BD1000.00000004.00000800.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            http://x1.i.lencr.org/2D85F72862B55C4EADD9E66E06947F3D.6.drfalse
              		high
              https://www.adobe.coReaderMessages.4.drfalse
                		high
                https://sectigo.com/CPS0FINAL_PDF.exefalse
                  		high
                  http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#FINAL_PDF.exefalse
                    		high
                    https://i.ibb.coFINAL_PDF.exe, 00000000.00000002.1868998295.0000000002711000.00000004.00000800.00020000.00000000.sdmpfalse
                      		high
                      http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0yFINAL_PDF.exefalse
                        		high
                        http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0FINAL_PDF.exefalse
                          		high
                          http://ocsp.sectigo.com0FINAL_PDF.exefalse
                            		high
                            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameFINAL_PDF.exe, 00000000.00000002.1868998295.0000000002711000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high

                              World Map of Contacted IPs

                              • No. of IPs < 25%
                              • 25% < No. of IPs < 50%
                              • 50% < No. of IPs < 75%
                              • 75% < No. of IPs

                              Public IPs

                              IPDomainCountryFlagASNASN NameMalicious
                              91.134.10.168
                              		i.ibb.coFrance
                              		16276OVHFRfalse

                              General Information

                              Joe Sandbox version:41.0.0 Charoite
                              Analysis ID:1574682
                              Start date and time:2024-12-13 13:39:06 +01:00
                              Joe Sandbox product:CloudBasic
                              Overall analysis duration:0h 7m 11s
                              Hypervisor based Inspection enabled:false
                              Report type:full
                              Cookbook file name:default.jbs
                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                              Number of analysed new started processes analysed:19
                              Number of new started drivers analysed:0
                              Number of existing processes analysed:0
                              Number of existing drivers analysed:0
                              Number of injected processes analysed:0
                              Technologies:
                              • HCA enabled
                              • EGA enabled
                              • AMSI enabled
                              Analysis Mode:default
                              Analysis stop reason:Timeout
                              Sample name:FINAL_PDF.exe
                              Detection:MAL
                              Classification:mal100.evad.winEXE@33/58@5/1
                              EGA Information:
                              • Successful, ratio: 100%
                              HCA Information:
                              • Successful, ratio: 92%
                              • Number of executed functions: 259
                              • Number of non-executed functions: 1
                              Cookbook Comments:
                              • Found application associated with file extension: .exe

                              Warnings

                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                              • Excluded IPs from analysis (whitelisted): 199.232.214.172, 23.218.208.137, 172.64.41.3, 162.159.61.3, 52.6.155.20, 3.233.129.217, 52.22.41.97, 3.219.243.226, 2.19.198.10, 23.32.239.56, 23.32.239.74, 23.32.239.49, 23.32.239.65, 23.32.239.9, 23.195.39.65, 2.20.40.170, 2.19.198.27, 2.19.198.16, 23.32.239.26, 23.32.239.64, 20.12.23.50, 23.218.208.109
                              • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, e4578.dscb.akamaiedge.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ssl.adobe.com.edgekey.net, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
                              • Not all processes where analyzed, report is missing behavior information
                              • Report size exceeded maximum capacity and may have missing behavior information.
                              • Report size exceeded maximum capacity and may have missing disassembly code.
                              • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                              • Report size getting too big, too many NtCreateFile calls found.
                              • Report size getting too big, too many NtDeviceIoControlFile calls found.
                              • Report size getting too big, too many NtOpenKeyEx calls found.
                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                              • Report size getting too big, too many NtQueryValueKey calls found.
                              • Report size getting too big, too many NtReadVirtualMemory calls found.
                              • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                              • VT rate limit hit for: FINAL_PDF.exe

                              Simulations

                              Behavior and APIs

                              TimeTypeDescription
                              07:40:18API Interceptor79x Sleep call for process: FINAL_PDF.exe modified
                              07:41:06API Interceptor2x Sleep call for process: AcroCEF.exe modified

                              Joe Sandbox View / Context

                              IPs

                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                              91.134.10.168cv.exeGet hashmaliciousUnknownBrowse
                                Filezilla-stage2.exeGet hashmaliciousUnknownBrowse
                                  https://rnicrosoft-secured-office.squarespace.com/sharepoint?e=test@test.com.auGet hashmaliciousHTMLPhisherBrowse
                                    https://dsiete.co/share.htmlGet hashmaliciousHTMLPhisherBrowse

                                      Domains

                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                      i.ibb.coFilezilla.exeGet hashmaliciousUnknownBrowse
                                      • 91.134.10.127
                                      cv.exeGet hashmaliciousUnknownBrowse
                                      • 91.134.10.168
                                      Filezilla-stage2.exeGet hashmaliciousUnknownBrowse
                                      • 91.134.10.168
                                      https://rnicrosoft-secured-office.squarespace.com/sharepoint?e=test@test.com.auGet hashmaliciousHTMLPhisherBrowse
                                      • 91.134.82.79
                                      https://dsiete.co/share.htmlGet hashmaliciousHTMLPhisherBrowse
                                      • 91.134.9.160
                                      msedge.exeGet hashmaliciousAsyncRAT, XWormBrowse
                                      • 91.134.9.160
                                      https://citiscapegroupae-my.sharepoint.com/:li:/g/personal/asekhar_citiscapegroup_com/E9U24ACMrctKoLKfReMWVjMBfxodtw3c4oUIHo4oyReVhg?e=SgIv5D&xsdata=MDV8MDJ8ZGVyZWsuZGVscG9ydEBvbnRoZWRvdC5jby56YXw5ZWEzNzFkNDdmNTM0YzE2Yjg5YTA4ZGQwZTAwZjY1OXwxMGRjN2M5NjU5NzY0NjAxODgyYzlhYzdjMjg3MGVjY3wxfDB8NjM4NjgyMTE5NTE1MDk3NDExfFVua25vd258VFdGcGJHWnNiM2Q4ZXlKRmJYQjBlVTFoY0draU9uUnlkV1VzSWxZaU9pSXdMakF1TURBd01DSXNJbEFpT2lKWGFXNHpNaUlzSWtGT0lqb2lUV0ZwYkNJc0lsZFVJam95ZlE9PXwwfHx8&sdata=S3JqYzUxeUd4SmtWMEVWUzBMU3JUREpWTEJiN3VmeFVrY09ucElOZDRzaz0%3dGet hashmaliciousHTMLPhisherBrowse
                                      • 91.134.10.127
                                      Fatura931Pendente956.pdf761.msiGet hashmaliciousUnknownBrowse
                                      • 91.134.82.79
                                      https://trimmer.to:443/GWHMYGet hashmaliciousHTMLPhisherBrowse
                                      • 162.19.58.157
                                      2024101221359RemitanceAdvice..pdfGet hashmaliciousHTMLPhisherBrowse
                                      • 162.19.58.161
                                      bg.microsoft.map.fastly.netproduct.batGet hashmaliciousUnknownBrowse
                                      • 199.232.210.172
                                      cv.exeGet hashmaliciousUnknownBrowse
                                      • 199.232.210.172
                                      XNizDtIArJ.docGet hashmaliciousUnknownBrowse
                                      • 199.232.210.172
                                      jCpeLqH5mZ.docGet hashmaliciousUnknownBrowse
                                      • 199.232.210.172
                                      rcNDmdah2W.docGet hashmaliciousUnknownBrowse
                                      • 199.232.214.172
                                      HzZkjxWF3j.docGet hashmaliciousUnknownBrowse
                                      • 199.232.210.172
                                      http://home45insurance.blogspot.comGet hashmaliciousUnknownBrowse
                                      • 199.232.214.172
                                      cGYA93A1qC.docGet hashmaliciousUnknownBrowse
                                      • 199.232.210.172
                                      Rage.dllGet hashmaliciousUnknownBrowse
                                      • 199.232.210.172
                                      SLNA_Updated_Medical_Grant_Application(1).docxGet hashmaliciousUnknownBrowse
                                      • 199.232.210.172

                                      ASNs

                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                      OVHFRFilezilla.exeGet hashmaliciousUnknownBrowse
                                      • 91.134.10.127
                                      cv.exeGet hashmaliciousUnknownBrowse
                                      • 91.134.10.168
                                      Filezilla-stage2.exeGet hashmaliciousUnknownBrowse
                                      • 91.134.10.168
                                      http://home45insurance.blogspot.comGet hashmaliciousUnknownBrowse
                                      • 149.56.240.132
                                      http://home45insurance.blogspot.comGet hashmaliciousUnknownBrowse
                                      • 149.56.240.132
                                      boleto.exeGet hashmaliciousXWormBrowse
                                      • 158.69.12.143
                                      sparc.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                      • 137.74.5.14
                                      http://ebaumsworld.comGet hashmaliciousUnknownBrowse
                                      • 51.75.86.98
                                      https://link.edgepilot.com/s/f30932b1/vPPKRjWXhUuvPsJT0zGKsQ?u=https://lf7oxrhbb.cc.rs6.net/tn.jsp?f=001h06J4Rg18suvxSEI1tED4DAF8iRuyxY1F6LaYcn7sb4iX7GBolUHc7ee-KUx3ocXE9JkVShRAfV1x6aenzzKcDmVc2_grDROu5C380NMdm5zgykpeK24RW4ydxOZY-zzWGqXDAcSMsLIRx7mTviOEg==%26c=rtZvyEmdrWl6DZ9XsciJKGlh47UQUNn-J3NXlYUvzX0mHT2yPp0J7g==%26ch=pbMEYYEPfkmXeu_oUdJD2iMHpz6dLW5FEUtMz_fcwAIrF1HSqrYuCA==%26__=wp-admin/wp/2XWV/Dcndx/c3Njb3R0QGRjbmR4LmNvbQ=%3DGet hashmaliciousOutlook Phishing, HTMLPhisherBrowse
                                      • 198.27.109.55
                                      zZ8OdFfZnb.exeGet hashmaliciousUnknownBrowse
                                      • 158.69.63.42

                                      JA3 Fingerprints

                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                      3b5074b1b5d032e5620f69f9f700ff0eFilezilla.exeGet hashmaliciousUnknownBrowse
                                      • 91.134.10.168
                                      cv.exeGet hashmaliciousUnknownBrowse
                                      • 91.134.10.168
                                      Filezilla-stage2.exeGet hashmaliciousUnknownBrowse
                                      • 91.134.10.168
                                      888.exeGet hashmaliciousLuca StealerBrowse
                                      • 91.134.10.168
                                      888.exeGet hashmaliciousLuca StealerBrowse
                                      • 91.134.10.168
                                      https://opof.utackhepr.com/WE76L1u/Get hashmaliciousUnknownBrowse
                                      • 91.134.10.168
                                      taskhost.exeGet hashmaliciousXWormBrowse
                                      • 91.134.10.168
                                      XClient.exeGet hashmaliciousXWormBrowse
                                      • 91.134.10.168
                                      Loader.exeGet hashmaliciousQuasarBrowse
                                      • 91.134.10.168
                                      smb.ps1Get hashmaliciousXmrigBrowse
                                      • 91.134.10.168

                                      Dropped Files

                                      No context

                                      Created / dropped Files

                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:ASCII text
                                      Category:dropped
                                      Size (bytes):287
                                      Entropy (8bit):5.222541021045997
                                      Encrypted:false
                                      SSDEEP:6:7ac1q2PFi2nKuAl9OmbnIFUt8OaeZmw+OaSkwOFi2nKuAl9OmbjLJ:7pvdZHAahFUt8O1/+On5wZHAaSJ
                                      MD5:91884B9A34E46075DB2BA22AE4586C48
                                      SHA1:625961B8527F588CEC60DCE6496C971CFBD7F03F
                                      SHA-256:EB5EDFDA2CDBE1AB866FF0BDEA7B671C8157A46B421B043DF3DCCBF4B4DA00FB
                                      SHA-512:9D5C9D67D9FF3EC90EC3C084D3593DACCDDFDB140FB1E67BA644BE0A32EC7849E9F02EF0F26BB93B56C9E9DA322E7BCCA9C7421CC0922CB121051EB0E2779C9B
                                      Malicious:false
                                      Reputation:low
                                      Preview:2024/12/13-07:40:54.819 af0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/12/13-07:40:54.821 af0 Recovering log #3.2024/12/13-07:40:54.821 af0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:ASCII text
                                      Category:dropped
                                      Size (bytes):287
                                      Entropy (8bit):5.222541021045997
                                      Encrypted:false
                                      SSDEEP:6:7ac1q2PFi2nKuAl9OmbnIFUt8OaeZmw+OaSkwOFi2nKuAl9OmbjLJ:7pvdZHAahFUt8O1/+On5wZHAaSJ
                                      MD5:91884B9A34E46075DB2BA22AE4586C48
                                      SHA1:625961B8527F588CEC60DCE6496C971CFBD7F03F
                                      SHA-256:EB5EDFDA2CDBE1AB866FF0BDEA7B671C8157A46B421B043DF3DCCBF4B4DA00FB
                                      SHA-512:9D5C9D67D9FF3EC90EC3C084D3593DACCDDFDB140FB1E67BA644BE0A32EC7849E9F02EF0F26BB93B56C9E9DA322E7BCCA9C7421CC0922CB121051EB0E2779C9B
                                      Malicious:false
                                      Reputation:low
                                      Preview:2024/12/13-07:40:54.819 af0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/12/13-07:40:54.821 af0 Recovering log #3.2024/12/13-07:40:54.821 af0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:ASCII text
                                      Category:dropped
                                      Size (bytes):334
                                      Entropy (8bit):5.223078831759995
                                      Encrypted:false
                                      SSDEEP:6:7aXti+q2PFi2nKuAl9Ombzo2jMGIFUt8OaiZmw+OaT3NVkwOFi2nKuAl9Ombzo23:7OlvdZHAa8uFUt8Or/+Os3z5wZHAa8RJ
                                      MD5:79462B4337FAA1457A1FE89F70A32E97
                                      SHA1:E6E1BC28D5E6BBB0011227D2EC63499BAA6E757D
                                      SHA-256:FC3D1CC3612832F4EE5C3A9DDB75F1DFD38A46B2F102DE14EC10BDFC37B1D51B
                                      SHA-512:7A56B486BB246FCE42565ED100DAE4594E37940DB0544D323574907D72CBA1338C094AEAAF62DDA6189F737D753C2EF26F39875E1FF2D45FB0CF4A04BC2677A3
                                      Malicious:false
                                      Reputation:low
                                      Preview:2024/12/13-07:40:54.709 1168 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/12/13-07:40:54.710 1168 Recovering log #3.2024/12/13-07:40:54.711 1168 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:ASCII text
                                      Category:dropped
                                      Size (bytes):334
                                      Entropy (8bit):5.223078831759995
                                      Encrypted:false
                                      SSDEEP:6:7aXti+q2PFi2nKuAl9Ombzo2jMGIFUt8OaiZmw+OaT3NVkwOFi2nKuAl9Ombzo23:7OlvdZHAa8uFUt8Or/+Os3z5wZHAa8RJ
                                      MD5:79462B4337FAA1457A1FE89F70A32E97
                                      SHA1:E6E1BC28D5E6BBB0011227D2EC63499BAA6E757D
                                      SHA-256:FC3D1CC3612832F4EE5C3A9DDB75F1DFD38A46B2F102DE14EC10BDFC37B1D51B
                                      SHA-512:7A56B486BB246FCE42565ED100DAE4594E37940DB0544D323574907D72CBA1338C094AEAAF62DDA6189F737D753C2EF26F39875E1FF2D45FB0CF4A04BC2677A3
                                      Malicious:false
                                      Reputation:low
                                      Preview:2024/12/13-07:40:54.709 1168 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/12/13-07:40:54.710 1168 Recovering log #3.2024/12/13-07:40:54.711 1168 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\18d485bf-001e-460c-b67d-1c8fe8bbf20e.tmp

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:JSON data
                                      Category:modified
                                      Size (bytes):476
                                      Entropy (8bit):4.971479333768712
                                      Encrypted:false
                                      SSDEEP:12:YH/um3RA8sqD7dRsBdOg2H+gcaq3QYiubpP7E4TX:Y2sRds8kdMHe3QYhbd7n7
                                      MD5:18902B2917FB8E3D20CCE76BB41E6180
                                      SHA1:B092C8B8EA6C23F2A59BA716C596A950178EDF4C
                                      SHA-256:F880464001B952B9884E6E0388B612F5B333F2B2F51EE33AE03E24FFC530213D
                                      SHA-512:2FE2A999B7001C187A1F2AA21CA27B435B9D45E1E9A6F920B4E0B230829D4F539C9D660C46185EAA83F9998831EE9368D65A700C539FC5CD5460559C382B8128
                                      Malicious:false
                                      Reputation:low
                                      Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13378653664374829","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":617166},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.10","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):476
                                      Entropy (8bit):4.962905575204746
                                      Encrypted:false
                                      SSDEEP:12:YH/um3RA8sqUT9ksBdOg2Hh7caq3QYiubpP7E4TX:Y2sRds5TdMH43QYhbd7n7
                                      MD5:F371FDA655516B50D489FC8CFB1306C9
                                      SHA1:26FAC2270B5A1180925A6B601A8DA8AC188A0096
                                      SHA-256:730853F0624FCDD3E7C3874FE9A3249995249013D2EBD7F87AAC2A7EB8EF699A
                                      SHA-512:B8E2189A814C4063996FFF065FAFADE9EF12B7A01408572BCD3844C3CE7BDA1C8750B0DE390CCB61F0BB1193D01574B34C80A8BC5971C8429D8763C45298F8BA
                                      Malicious:false
                                      Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341061835820912","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":149104},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.10","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF649dd0.TMP (copy)

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):476
                                      Entropy (8bit):4.962905575204746
                                      Encrypted:false
                                      SSDEEP:12:YH/um3RA8sqUT9ksBdOg2Hh7caq3QYiubpP7E4TX:Y2sRds5TdMH43QYhbd7n7
                                      MD5:F371FDA655516B50D489FC8CFB1306C9
                                      SHA1:26FAC2270B5A1180925A6B601A8DA8AC188A0096
                                      SHA-256:730853F0624FCDD3E7C3874FE9A3249995249013D2EBD7F87AAC2A7EB8EF699A
                                      SHA-512:B8E2189A814C4063996FFF065FAFADE9EF12B7A01408572BCD3844C3CE7BDA1C8750B0DE390CCB61F0BB1193D01574B34C80A8BC5971C8429D8763C45298F8BA
                                      Malicious:false
                                      Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341061835820912","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":149104},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.10","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\bff473fe-e107-4a29-98e7-0decde26f12f.tmp

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):476
                                      Entropy (8bit):4.962905575204746
                                      Encrypted:false
                                      SSDEEP:12:YH/um3RA8sqUT9ksBdOg2Hh7caq3QYiubpP7E4TX:Y2sRds5TdMH43QYhbd7n7
                                      MD5:F371FDA655516B50D489FC8CFB1306C9
                                      SHA1:26FAC2270B5A1180925A6B601A8DA8AC188A0096
                                      SHA-256:730853F0624FCDD3E7C3874FE9A3249995249013D2EBD7F87AAC2A7EB8EF699A
                                      SHA-512:B8E2189A814C4063996FFF065FAFADE9EF12B7A01408572BCD3844C3CE7BDA1C8750B0DE390CCB61F0BB1193D01574B34C80A8BC5971C8429D8763C45298F8BA
                                      Malicious:false
                                      Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341061835820912","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":149104},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.10","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):4370
                                      Entropy (8bit):5.234708268530347
                                      Encrypted:false
                                      SSDEEP:96:wshFT0h7cA4YC2EVPCqY35NEmNOYcGPtqKYSEVv0oXBvcLkPc:wshFT0h7cZb2EVKZPEANcGIK5EVv0oXw
                                      MD5:CA420CFB7D78E091CF217A4F8FC93A25
                                      SHA1:918400F835837F9311B3AE3A078FA5EFA866CBEF
                                      SHA-256:975C1FF5544D1B2D4D48FCADF60257F6F4FC017A2AD4D9BCF50F45F76611449E
                                      SHA-512:5BFDF867EB364E1B29010F9E17622DFE3D87B3237EDD81ABDEE896DEE63CD77D74A970C3DE19F3D35349DFCB31F956132E206B9F575144A4BC53604F272B74C1
                                      Malicious:false
                                      Preview:*...#................version.1..namespace-#..o................next-map-id.1.Pnamespace-03b00fbd_48ad_47b1_8693_0d5562b6d54b-https://rna-resource.acrobat.com/.0..QRr................next-map-id.2.Snamespace-9efb0a2e_bf8a_4008_b12a_325311a763d0-https://rna-v2-resource.acrobat.com/.1....r................next-map-id.3.Snamespace-493a2582_fd2f_403f_a0b6_bf623eaab337-https://rna-v2-resource.acrobat.com/.2%e.o................next-map-id.4.Pnamespace-285943ad_4ed5_46fb_8713_f1874054bf05-https://rna-resource.acrobat.com/.3nU..^...............Pnamespace-03b00fbd_48ad_47b1_8693_0d5562b6d54b-https://rna-resource.acrobat.com/"..C^...............Pnamespace-285943ad_4ed5_46fb_8713_f1874054bf05-https://rna-resource.acrobat.com/....a...............Snamespace-9efb0a2e_bf8a_4008_b12a_325311a763d0-https://rna-v2-resource.acrobat.com/.+;|a...............Snamespace-493a2582_fd2f_403f_a0b6_bf623eaab337-https://rna-v2-resource.acrobat.com/....o................next-map-id.5.Pnamespace-10b75d2f_11e7_4fa3_ae23_

                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:ASCII text
                                      Category:dropped
                                      Size (bytes):322
                                      Entropy (8bit):5.246275210528232
                                      Encrypted:false
                                      SSDEEP:6:7a1kt+q2PFi2nKuAl9OmbzNMxIFUt8Oa1FXZmw+Oa1fiVkwOFi2nKuAl9OmbzNMT:7ylvdZHAa8jFUt8OyFX/+Oyi5wZHAa8E
                                      MD5:16AED0E1983C0BFCD18606A0B33CEC30
                                      SHA1:3CD9D8E6FF81E24CA211AE4E85A288C1A0747BC0
                                      SHA-256:B3E059BACCE88EEB9FF3489BBA4D9E5C4B8831453A75DC6FCDB63E22FE36E570
                                      SHA-512:4F07CE7875075A5161C063407AF4347A74932AFA4F0FE89C26C413D3E8709742E357FE391AE7AB6344877D61C64A138D6343E804D76B7F1FF00673627C91FEFB
                                      Malicious:false
                                      Preview:2024/12/13-07:40:55.265 1168 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/12/13-07:40:55.266 1168 Recovering log #3.2024/12/13-07:40:55.267 1168 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:ASCII text
                                      Category:dropped
                                      Size (bytes):322
                                      Entropy (8bit):5.246275210528232
                                      Encrypted:false
                                      SSDEEP:6:7a1kt+q2PFi2nKuAl9OmbzNMxIFUt8Oa1FXZmw+Oa1fiVkwOFi2nKuAl9OmbzNMT:7ylvdZHAa8jFUt8OyFX/+Oyi5wZHAa8E
                                      MD5:16AED0E1983C0BFCD18606A0B33CEC30
                                      SHA1:3CD9D8E6FF81E24CA211AE4E85A288C1A0747BC0
                                      SHA-256:B3E059BACCE88EEB9FF3489BBA4D9E5C4B8831453A75DC6FCDB63E22FE36E570
                                      SHA-512:4F07CE7875075A5161C063407AF4347A74932AFA4F0FE89C26C413D3E8709742E357FE391AE7AB6344877D61C64A138D6343E804D76B7F1FF00673627C91FEFB
                                      Malicious:false
                                      Preview:2024/12/13-07:40:55.265 1168 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/12/13-07:40:55.266 1168 Recovering log #3.2024/12/13-07:40:55.267 1168 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241213124100Z-292.bmp

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
                                      Category:dropped
                                      Size (bytes):65110
                                      Entropy (8bit):0.8437626046465777
                                      Encrypted:false
                                      SSDEEP:96:ZM9B+OjNXzmpMD3ZuQqBUvsUO1dPOM/McQMBcgHQBCSiQ:cIBtPnFQ
                                      MD5:5FAFBAB362AC54909C754178676B1C4F
                                      SHA1:B78B38FD8B738FC0FD6EA34C144B6749839483FB
                                      SHA-256:59D5393FB1EB6D4FA4286DAC5F42DE07BAFD751E0B0267C84577A1C9D1863FB9
                                      SHA-512:294449C151F439E1066145427537BDAC2310CB9AA49E4EC80DE2FA7D60CB06B0D2CBBF16F70A3442DAFBD0B650753A2E1599DB40CBD72F8EA538D6E34E0AC2B1
                                      Malicious:false
                                      Preview:BMV.......6...(...k...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
                                      Category:dropped
                                      Size (bytes):86016
                                      Entropy (8bit):4.438771870333354
                                      Encrypted:false
                                      SSDEEP:384:yejci5GIiBA7vEmzKNURFXoD1NC1SK0gkzPlrFzqFK/WY+lUTTcKqZ5bEmzVz:0kurVgazUpUTTGt
                                      MD5:A7ED0D8ACB2F2F7370DE1E4F06E2D7D3
                                      SHA1:08CFB6383CA95961214EF1B2711F1127F1CCE68D
                                      SHA-256:9F1F7A6C6DA04990158DDAD88E9D98AE126F6673E2B6283A7F7073BC69ABD6CB
                                      SHA-512:248BE000C183A8800B55979070C4B7FCEADB4446BC18EC43C0972C10AE7A13B747FF48E38F4F970349E3BEA09D38A8FBA04BA695F3AFCAF5BA80E6BF1CF71EC1
                                      Malicious:false
                                      Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:SQLite Rollback Journal
                                      Category:dropped
                                      Size (bytes):8720
                                      Entropy (8bit):3.774526618975897
                                      Encrypted:false
                                      SSDEEP:48:7Mop/E2ioyVVeioy5oWoy1CUoy1MNKOioy1noy1AYoy1Wioy1hioybioy6/oy1nh:73pjuVeJP/XKQxtKb9IVXEBodRBkM
                                      MD5:E4849A99A1A658625F280DB44315D976
                                      SHA1:BBB7D095E60AE43134BE2746F6456EEF1976BC91
                                      SHA-256:082AA3313E6FA7F9CCCEE8A0CF8829CDEB5690F9A642DC47B80EE983B9116DD5
                                      SHA-512:46AD0932FE9E2EB67C5075EDF77B6879BBEBBC777F80425E834D0939BCD09F2807AF2AF40796638F8904C055F86A19E832AE84659598B1CD20647AD65CB18B5E
                                      Malicious:false
                                      Preview:.... .c.......i................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b...r...t...}.....L..............................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:Certificate, Version=3
                                      Category:dropped
                                      Size (bytes):1391
                                      Entropy (8bit):7.705940075877404
                                      Encrypted:false
                                      SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
                                      MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                                      SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                                      SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                                      SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                                      Malicious:false
                                      Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......

                                      C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                      Category:dropped
                                      Size (bytes):71954
                                      Entropy (8bit):7.996617769952133
                                      Encrypted:true
                                      SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                                      MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                                      SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                                      SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                                      SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                                      Malicious:false
                                      Preview:MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..*Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=*....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.|.c.&>?..^t. ..;..X.d.E.0G....[Q.*,*......#.Dp..L.o|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

                                      C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):192
                                      Entropy (8bit):2.7673182398396405
                                      Encrypted:false
                                      SSDEEP:3:kkFklxolob3lltfllXlE/HT8kxsxtNNX8RolJuRdxLlGB9lQRYwpDdt:kK1W3/eT846NMa8RdWBwRd
                                      MD5:79800CF0F22FF48536375577A378E4AA
                                      SHA1:CA1AD3D1AAE4DFB328629A2CEFC5B1C0324BFAE6
                                      SHA-256:39E27A77941665F5CC12076AF4921EE4DDC6CFDAA48319FB99BB431359C13C9C
                                      SHA-512:680223C3056F5E14BDDEA14651E2D5C8A858DA3A1F58BFAED1C785666469A6B920FDF3BF620FF2BB57DE5309698E2F715379B721447A45282412F1C646199E6B
                                      Malicious:false
                                      Preview:p...... ........B.IG\M..(....................................................... ..........W...................o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

                                      C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:data
                                      Category:modified
                                      Size (bytes):328
                                      Entropy (8bit):3.245596380966818
                                      Encrypted:false
                                      SSDEEP:6:kKfL9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:XiDImsLNkPlE99SNxAhUe/3
                                      MD5:6A60F611EF86FB75D437E7719843EA15
                                      SHA1:C75375242CC02A70A059A4580253C4104AE2089E
                                      SHA-256:350DB5EEC7561DCEE1409D37574F5A8B249E8801A0247C3A7223BF611F89CE0B
                                      SHA-512:32DDC6249AFB8E85A234327AFC203CDF7B865290A06009E247F8E6C256D766B2EDE337BEAE54C3D75DC719B259A8AFBB631DFF0DC04DF4B2279B99E473089BE0
                                      Malicious:false
                                      Preview:p...... ........h.$Z\M..(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt23.lst (copy)

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:PostScript document text
                                      Category:dropped
                                      Size (bytes):1233
                                      Entropy (8bit):5.233980037532449
                                      Encrypted:false
                                      SSDEEP:24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
                                      MD5:8BA9D8BEBA42C23A5DB405994B54903F
                                      SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
                                      SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
                                      SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
                                      Malicious:false
                                      Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7440

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:PostScript document text
                                      Category:dropped
                                      Size (bytes):1233
                                      Entropy (8bit):5.233980037532449
                                      Encrypted:false
                                      SSDEEP:24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
                                      MD5:8BA9D8BEBA42C23A5DB405994B54903F
                                      SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
                                      SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
                                      SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
                                      Malicious:false
                                      Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:PostScript document text
                                      Category:dropped
                                      Size (bytes):1233
                                      Entropy (8bit):5.233980037532449
                                      Encrypted:false
                                      SSDEEP:24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
                                      MD5:8BA9D8BEBA42C23A5DB405994B54903F
                                      SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
                                      SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
                                      SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
                                      Malicious:false
                                      Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt23.lst (copy)

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:PostScript document text
                                      Category:dropped
                                      Size (bytes):10880
                                      Entropy (8bit):5.214360287289079
                                      Encrypted:false
                                      SSDEEP:192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp
                                      MD5:B60EE534029885BD6DECA42D1263BDC0
                                      SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
                                      SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
                                      SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
                                      Malicious:false
                                      Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AdobeFnt23.lst.7440

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:PostScript document text
                                      Category:dropped
                                      Size (bytes):10880
                                      Entropy (8bit):5.214360287289079
                                      Encrypted:false
                                      SSDEEP:192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp
                                      MD5:B60EE534029885BD6DECA42D1263BDC0
                                      SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
                                      SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
                                      SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
                                      Malicious:false
                                      Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):295
                                      Entropy (8bit):5.36728798654847
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HX4PkUNY2UXjb24kF0YdRXUVeoAvJM3g98kUwPeUkwRe9:YvXKX+kV2UTbdciVGMbLUkee9
                                      MD5:199EADC1378F59D944F36733BE0B204F
                                      SHA1:27B05EA8A8370893C20520BAF05D424978291C50
                                      SHA-256:E4CAF7590DB7D808A398E2B57B851445010481ED1D6829790445C19A4DBD50DB
                                      SHA-512:27018E9CBF8A27F4A1C58DC4F312B266B6D45C65BBC66FD4303267AE68DB84A36FB2D23DF9EFE7714CF425D094F35BCE2AB70180BC1277B8CECC13B78E9C1F4C
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"56cb8381-9345-4b1b-9219-637567404724","sophiaUUID":"6124E582-3DD2-4C2A-B4CB-31313081B829"},"encodingScheme":true,"expirationDTS":1734267142522,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):294
                                      Entropy (8bit):5.309507487214435
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HX4PkUNY2UXjb24kF0YdRXUVeoAvJfBoTfXpnrPeUkwRe9:YvXKX+kV2UTbdciVGWTfXcUkee9
                                      MD5:D13D58F5E7D7ABD7F0214A784C5B6CCB
                                      SHA1:59A19296C41B1A2565613DC78403E0D137551677
                                      SHA-256:4EDF75611CE1164C0700AA1BB311542DBF75E9DF138B88823AE9D80C19033132
                                      SHA-512:845BD992D90DFA0B1DFA3EEE7455823E8832643F81527EA46B0F4579AFB09BAE8B9A91261911CEBB22D687B29CBD06EFE009C9C4AFD561A14FD8CF0D19F1E89B
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"56cb8381-9345-4b1b-9219-637567404724","sophiaUUID":"6124E582-3DD2-4C2A-B4CB-31313081B829"},"encodingScheme":true,"expirationDTS":1734267142522,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):294
                                      Entropy (8bit):5.287906806082866
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HX4PkUNY2UXjb24kF0YdRXUVeoAvJfBD2G6UpnrPeUkwRe9:YvXKX+kV2UTbdciVGR22cUkee9
                                      MD5:B22422CA49ACBC97E18E32BB8693D51D
                                      SHA1:0114D8AE06C77B9B5C39D144645CDCE5FC2ABCD5
                                      SHA-256:B059743F6D074E4ABAC9AD64FC6B2A0324297912727CD7D99EC16E64DBAD4C93
                                      SHA-512:506597A7084E837A37A4477BE64773AD8421E376C9A615CA5AFB45C3CD99EA573BFB402693E2A22363E12A37FF10446900D019188F24BDD73D415BEE6013E703
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"56cb8381-9345-4b1b-9219-637567404724","sophiaUUID":"6124E582-3DD2-4C2A-B4CB-31313081B829"},"encodingScheme":true,"expirationDTS":1734267142522,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):285
                                      Entropy (8bit):5.341704401708681
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HX4PkUNY2UXjb24kF0YdRXUVeoAvJfPmwrPeUkwRe9:YvXKX+kV2UTbdciVGH56Ukee9
                                      MD5:DFE67D6068B7361DA224F1E4D1472AA0
                                      SHA1:274436689B68FC7BD1C1F7319DBB7239BEF7196B
                                      SHA-256:08F1B5D686E42B8D9F764C3E2B0E665ED4096FA4899483DC1D229613C586D269
                                      SHA-512:DB83AABAAFEC9EB57B82DFC1B3B4EED9898BFF046A17DBA60F7FE180BF5729FC510A54F82075A400818A04CD11F1DF9BB303FD86469E7C678CE910FDBEC72F06
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"56cb8381-9345-4b1b-9219-637567404724","sophiaUUID":"6124E582-3DD2-4C2A-B4CB-31313081B829"},"encodingScheme":true,"expirationDTS":1734267142522,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):1123
                                      Entropy (8bit):5.691682056528744
                                      Encrypted:false
                                      SSDEEP:24:Yv6X+zUXi7pLgE9cQx8LennAvzBvkn0RCmK8czOCCSX2:YvLwi7hgy6SAFv5Ah8cv/m
                                      MD5:54D0C410BB6A1E987D7789868BB087E3
                                      SHA1:8302A32E6228686B5EEAFD3198C9385EA460C052
                                      SHA-256:75D06986820341F6B4F92B517C5B394114A1588C2679B23F7835451F4D12B97D
                                      SHA-512:8084935196CD55B9DDED305DF164FB21FF9BB0CD7397BCF7B30C962E5700D7E80ED8E64DD2BC0FF04500732FBE0B2D569F4F35FC5D0CF136983F87C661627611
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"56cb8381-9345-4b1b-9219-637567404724","sophiaUUID":"6124E582-3DD2-4C2A-B4CB-31313081B829"},"encodingScheme":true,"expirationDTS":1734267142522,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_1","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"d5bba1ae-6009-4d23-8886-fd4a474b8ac9","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkNvbnZlcnRQREZSZHJSSFBBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNh

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):289
                                      Entropy (8bit):5.287987064429764
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HX4PkUNY2UXjb24kF0YdRXUVeoAvJf8dPeUkwRe9:YvXKX+kV2UTbdciVGU8Ukee9
                                      MD5:55F843670E4FDA1E7E5968E71FA6DA7F
                                      SHA1:94ACA37E5DAB8FB6B1A341CD4DD267F1B7C46B10
                                      SHA-256:AF2FC338BA45CAE8B03764072752668010593EC79C8AB5C7204C146F1AA7177E
                                      SHA-512:1002C00F21A7A2FD118A40E32A21623B46F6B4CD89F0282FD7C9544376840B192E1FDBC95562D3AF0B30292951E370AEA39EAD25CCB1908B3CE466DE4A0DA401
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"56cb8381-9345-4b1b-9219-637567404724","sophiaUUID":"6124E582-3DD2-4C2A-B4CB-31313081B829"},"encodingScheme":true,"expirationDTS":1734267142522,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):292
                                      Entropy (8bit):5.290723909687696
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HX4PkUNY2UXjb24kF0YdRXUVeoAvJfQ1rPeUkwRe9:YvXKX+kV2UTbdciVGY16Ukee9
                                      MD5:2B61A536BBA90052748005C191C2C2A5
                                      SHA1:DC186937B7D916AD8CF3C14A1A22851F52FDB9B4
                                      SHA-256:8BA5E084B789CDF3D1EBF8A32E15CF56DCBAD69AF42E7941B28E612D63E9D67D
                                      SHA-512:B66EFB014170EC65C6EF132D210F4540A75DC22141CD782FB9274A3FEEC86E1DC74A1F20DA0A787352B67D2AC09354C833CEEDA1AF8C52F417E1FF3CBFDF9993
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"56cb8381-9345-4b1b-9219-637567404724","sophiaUUID":"6124E582-3DD2-4C2A-B4CB-31313081B829"},"encodingScheme":true,"expirationDTS":1734267142522,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):289
                                      Entropy (8bit):5.302294328699484
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HX4PkUNY2UXjb24kF0YdRXUVeoAvJfFldPeUkwRe9:YvXKX+kV2UTbdciVGz8Ukee9
                                      MD5:7BF862D906CDD3DB55F046CC75E0E3C0
                                      SHA1:F2AB7B9946BCD8358F6139DA27DAD34302471BBD
                                      SHA-256:C034A5EF8145AE77DAC2BFC85321385910BB6ECEC81BD6ACC1136D3724EF0DF0
                                      SHA-512:5A7EAAAA01D74BA298AE98E2E7B7B1DD707006C87B07405F7CAAD334D6CA0F4AA63D250B398929F4340066D5BFD29DD5B3D7A91C41D4A46978BA4B83809CA2C5
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"56cb8381-9345-4b1b-9219-637567404724","sophiaUUID":"6124E582-3DD2-4C2A-B4CB-31313081B829"},"encodingScheme":true,"expirationDTS":1734267142522,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):295
                                      Entropy (8bit):5.315060977360928
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HX4PkUNY2UXjb24kF0YdRXUVeoAvJfzdPeUkwRe9:YvXKX+kV2UTbdciVGb8Ukee9
                                      MD5:C28B9390699F4693AE8B23E763E1A703
                                      SHA1:154939C44B7FFFD6C5044B701CAB261B766D1FBF
                                      SHA-256:6CA3444B9BFCE5202F5BF63A3F11FFA7FD87FB257F76344D0B75BD960E80C696
                                      SHA-512:F50F5A30A6189B854A040E542DE0CCB0BE9B781016741F3083F003F1A30312B1DE0A2E83E6E16FB211E79644FEB12571EC16BC57E4E215BC288F73FC0C1E2C3C
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"56cb8381-9345-4b1b-9219-637567404724","sophiaUUID":"6124E582-3DD2-4C2A-B4CB-31313081B829"},"encodingScheme":true,"expirationDTS":1734267142522,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):289
                                      Entropy (8bit):5.295009368853716
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HX4PkUNY2UXjb24kF0YdRXUVeoAvJfYdPeUkwRe9:YvXKX+kV2UTbdciVGg8Ukee9
                                      MD5:DB447E04BC57DB106F0A3CE36752B5F4
                                      SHA1:1008C9DF203E135C90FBBB03F9C6475DFEB768C9
                                      SHA-256:497E99E8FE78B382E3B7EAC2664C413A676F3B0A2912A22358A369EEFAFB7E8F
                                      SHA-512:53286AE0FF804CB348871A4D5FDDE1E64C95A00B325E26D4FDB6739C8D34A358780D6C5F4CF33A7CEC7BB6DAE6FB0ED9919003C94E51FC9259ECDCCFDF73F37F
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"56cb8381-9345-4b1b-9219-637567404724","sophiaUUID":"6124E582-3DD2-4C2A-B4CB-31313081B829"},"encodingScheme":true,"expirationDTS":1734267142522,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):284
                                      Entropy (8bit):5.2806541769191435
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HX4PkUNY2UXjb24kF0YdRXUVeoAvJf+dPeUkwRe9:YvXKX+kV2UTbdciVG28Ukee9
                                      MD5:BAC7C234CACCAE223556F4B5B4FC9BFE
                                      SHA1:0568804CFCA6138CB33ECBD6581B43A336CA9CC9
                                      SHA-256:7D5CBC936AEE7BFB09FB91836B1E21D51FC080C8F8012909A8A0A4F015A8BF4A
                                      SHA-512:4CE86DD9DADAB035A3233C1045FAF2CF3885421F2C387640F0D159223A75353F30B2818385300B55C353E7165D20E10864E4A893E2790FB8C06B3902B7430F2B
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"56cb8381-9345-4b1b-9219-637567404724","sophiaUUID":"6124E582-3DD2-4C2A-B4CB-31313081B829"},"encodingScheme":true,"expirationDTS":1734267142522,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):291
                                      Entropy (8bit):5.278590766398001
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HX4PkUNY2UXjb24kF0YdRXUVeoAvJfbPtdPeUkwRe9:YvXKX+kV2UTbdciVGDV8Ukee9
                                      MD5:90B2A21DF948D8151E73313F51D0405E
                                      SHA1:DC65F1BBDD0B0B8CA19E27F7767A7666E88DF3E2
                                      SHA-256:B2284CD17787B3F2DE3D2F8B0EFDBDD9AFF75562E4FDDBBFE071431E367AF145
                                      SHA-512:4E679F6BD128AF71FD87AF80D60CE27E96AF3681064F6D93165750C1937655D2D788FC9293F5EA7E07E83FABB09B17E092B80173F63F0C8449FF9B6AF788B143
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"56cb8381-9345-4b1b-9219-637567404724","sophiaUUID":"6124E582-3DD2-4C2A-B4CB-31313081B829"},"encodingScheme":true,"expirationDTS":1734267142522,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):287
                                      Entropy (8bit):5.281253258833396
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HX4PkUNY2UXjb24kF0YdRXUVeoAvJf21rPeUkwRe9:YvXKX+kV2UTbdciVG+16Ukee9
                                      MD5:3F0DD1C2EDBE65BB48631B52522389D4
                                      SHA1:2E502696267BA795B458B817AD931A5660742191
                                      SHA-256:05C51249C100152E2EFEECC06EA7C017DFE15F95311018EFB90129762DD0859D
                                      SHA-512:A56996930399CC0DAFD825A3B9AAB4A1DB03CC1E670FB9E7ABE97511BD022BC464FE6BA4AF04BBF7CEAA60FEA57FAA95B45F90A21F0830D9BA956E5FB7C3E6F3
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"56cb8381-9345-4b1b-9219-637567404724","sophiaUUID":"6124E582-3DD2-4C2A-B4CB-31313081B829"},"encodingScheme":true,"expirationDTS":1734267142522,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):1090
                                      Entropy (8bit):5.665026765967526
                                      Encrypted:false
                                      SSDEEP:24:Yv6X+zUXi7amXayLgE+cNDxeNaqnAvz7xHn0RCmK8czOC/BSX2:YvLwiLBgkDMUJUAh8cvMm
                                      MD5:0C3506FCDCA47D5546715BA609904857
                                      SHA1:EEFBDE26B60D799A5E4C5BC782BF89E871BA1864
                                      SHA-256:AFA79D3FD74EF3B75B107ED8260593A4D47A2CF76FB88167C53A59C243EDAE12
                                      SHA-512:88818D6F3095485EEA1897D2FEE2CE33A4447621DF16E8B2E19C3C69B828AFF8D3D4E154E26D24408B0E14E803F3DAAF541D04DAB8414BF9EC8487E7C43F323C
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"56cb8381-9345-4b1b-9219-637567404724","sophiaUUID":"6124E582-3DD2-4C2A-B4CB-31313081B829"},"encodingScheme":true,"expirationDTS":1734267142522,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_0","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"266234d2-130d-426e-8466-c7a061db101f","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"app

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):286
                                      Entropy (8bit):5.259200249421187
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HX4PkUNY2UXjb24kF0YdRXUVeoAvJfshHHrPeUkwRe9:YvXKX+kV2UTbdciVGUUUkee9
                                      MD5:B8BF8D578EB8BE0ACFF83A3B58CB2424
                                      SHA1:1ADABB60954F8D524EC9C195F50CBCB1107D9A26
                                      SHA-256:ACE2227C1BAFD557E1B9793E9A985542A7BCA0939FFD39FF7E7F44CC339E7DF2
                                      SHA-512:717B29989EAFF33C66B04EFC969D7478299B8ADFC9430793D7D2E8B59B965923440DC97DEEDFA3C937CAE0A392EB51AB3011002C26BC5D8043C0F3AF52E38BD4
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"56cb8381-9345-4b1b-9219-637567404724","sophiaUUID":"6124E582-3DD2-4C2A-B4CB-31313081B829"},"encodingScheme":true,"expirationDTS":1734267142522,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):282
                                      Entropy (8bit):5.263999664002579
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HX4PkUNY2UXjb24kF0YdRXUVeoAvJTqgFCrPeUkwRe9:YvXKX+kV2UTbdciVGTq16Ukee9
                                      MD5:D4825111D0D5D6D200E7A488B602C822
                                      SHA1:FCABCF580DFE50EE5909DF12C41CD4CDAE64E542
                                      SHA-256:567D2CB0FC6F7966C1CA3051AE6DCF010581FAA07A1B498427C36756B98D6CF6
                                      SHA-512:2FE0FB0A54957126B136192CD1F0D46BDDC918D4D74C11C113942ABC71988980F85F01C33446E74F4C4050685EAD36D11264D99F8DD047988F80F0CA3ED5B6F0
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"56cb8381-9345-4b1b-9219-637567404724","sophiaUUID":"6124E582-3DD2-4C2A-B4CB-31313081B829"},"encodingScheme":true,"expirationDTS":1734267142522,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):4
                                      Entropy (8bit):0.8112781244591328
                                      Encrypted:false
                                      SSDEEP:3:e:e
                                      MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                                      SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                                      SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                                      SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                                      Malicious:false
                                      Preview:....

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):2814
                                      Entropy (8bit):5.137173395466195
                                      Encrypted:false
                                      SSDEEP:48:Y/PheHRDEQyeB1/pyP+wq2XLZFoke2vV0alyuvI9sjd/:ihORDEQyeB1/pU+wq23xvV0a0Kmsp/
                                      MD5:D0B2C9824997BBEACDA568A9DD002324
                                      SHA1:55AB714A357CC14F27DDBC583560111FFF79DC69
                                      SHA-256:CB8F7E230F426AFBF7ADADE98BD64016E596CB8CDBA4693FC69EC032712DC8E9
                                      SHA-512:5E0BE32E66C3D4B848C2283BCC72D1ADED35F0734155A600880894125EEC764D170AAD980C26890BCBB4F2C771B5E2444433AC4A4186E13FC44EE04089DB3F1E
                                      Malicious:false
                                      Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"d3495ea7d05d7403b2cd89c16e420f69","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1734093666000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"603a9353111ef944e31a9f3b8a8edfdb","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1090,"ts":1734093666000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"862a63c32da5c10d3037f1958e2ac4a9","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1123,"ts":1734093666000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"3c77cc47fb98b6b6cdad7e92f6340281","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1734093666000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"7c5f3b136eb014902ebab9cf4db5602a","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1734093666000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"85311235df7f9bedd33adabaaa6cc609","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
                                      Category:dropped
                                      Size (bytes):12288
                                      Entropy (8bit):1.3204193131716035
                                      Encrypted:false
                                      SSDEEP:24:TLKufx/XYKQvGJF7urs9O3KaiZ3FL63FLesb+sZobF16R6FdpqpQ6YL9dT+EXSqM:TGufl2GL7msUKB0M0+Tb608YLSrDx
                                      MD5:5BA95753A73DA0369A01100385C0615C
                                      SHA1:A5E7BAB65AD07C0E541FBAAAB5771A11B3B1029B
                                      SHA-256:D65644FF8B7CD2782612BE6A1246EF9F2847F8015C29BA20D0CC38D4B64E7AD8
                                      SHA-512:34A69F72B1BFF0B9E74111D640EB22F1EAA8A905F6BA9963F73CDED99B849FAF684A8BF38D2F3AD25B604108BB82841AA7F71E2FF34458001956C61577462AAC
                                      Malicious:false
                                      Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:SQLite Rollback Journal
                                      Category:dropped
                                      Size (bytes):8720
                                      Entropy (8bit):1.780182855679562
                                      Encrypted:false
                                      SSDEEP:24:7+tTl3KaiZ3FL63FLesb+sZobF16R6FdpqpQ6YL9dT/EXSqXlyGKaiVqLhx/XYKB:7MNKB0M0+Tb608YLrrGKBqFl2GL7msJ
                                      MD5:D3D35AA74089E56C25FBD826E113D1BF
                                      SHA1:F7153F5CA3A5633959FBE0FA3688F536DD0C0334
                                      SHA-256:BC9261D52A9D21C56A23FC1C23AC814B8D496B125248241F83F9A48868D8738D
                                      SHA-512:9C9013A2917BAD9F99CD41B7322BA383968E663946EA71B1004D08CA10960465B50877670D49311545C9A2BC6C909F0A063FD7EABECC07DD1FC0067F693A4481
                                      Malicious:false
                                      Preview:.... .c.....).............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................^..^.^.^.^.^.^.^.p.p.p.p.p.p.p.p.p.p..........................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache64.bin

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):66726
                                      Entropy (8bit):5.392739213842091
                                      Encrypted:false
                                      SSDEEP:768:RNOpblrU6TBH44ADKZEgvght9gz74JpQbKdsxsxWkC0uPJYyu:6a6TZ44ADEvgZgz74JedGC0SJK
                                      MD5:FC8CC04B0C8D05670165088CB3028775
                                      SHA1:8D2BE35A40498D0A2BBB2B6A5FFF47688573EEE2
                                      SHA-256:8BC53DEE517A061D5357D92A5EE78F567363605ED099480EA5C47E44DCD70173
                                      SHA-512:6B1BC6D104416756DC363E6831BBDFD934AF60AEC0BD92DDD5F6558D6E1B3F5BC3F5BC72BEDC1DC12F4E00BF0248C9AEEBB90DB340F262E54B73DB923F838BCD
                                      Malicious:false
                                      Preview:4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2

                                      C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\FINAL_PDF.exe.log

                                      Download File
                                      Process:C:\Users\user\Desktop\FINAL_PDF.exe
                                      File Type:ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):1427
                                      Entropy (8bit):5.357044657090546
                                      Encrypted:false
                                      SSDEEP:24:MLUE4K5E4KH1qE4x84qXKDE4KhKiKhwE4Ty1KIE4oKNzKoZAE4Kze0E4j:MIHK5HKH1qHxviYHKh3owH8tHo6hAHKl
                                      MD5:C04A6EAF9A2CBEB13CBBF38C1B452961
                                      SHA1:BA0CBC9EBF4BEE40367E626FD3D74B0FD3BD87A5
                                      SHA-256:9A48F02FBA568F90C1507AF13C985F9006D80F801F0ACEEE79ED4D5B638276AA
                                      SHA-512:775D6AE54B04197339DB6AD1EE7BE93873FEAFAA3FA8B451EA017B903C9312706B7B9A01C4DFE80A610C3EFD099C6A83BAB164C4118137F9D16E938EC09D9EC8
                                      Malicious:true
                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Net.Http, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Net.Http\bb5812ab3cec92427da8c5c696e5f731\System.Net.Http.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f1

                                      C:\Users\user\AppData\Local\Temp\MSI39170.LOG

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):246
                                      Entropy (8bit):3.5081383324894926
                                      Encrypted:false
                                      SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K84UlAkQ2lwCH:Qw946cPbiOxDlbYnuRKT8DQCl
                                      MD5:A3352A04DE13E30508751D922FC6CABA
                                      SHA1:5662BA7680E86C23CE8E0F5FB63DFED191097FBE
                                      SHA-256:CAFB1564AA56D55A37C549106FF71167F98FE9CBAD87B280CA0D87271786FA6D
                                      SHA-512:880B10D24F92F8B29E334FEE21A6B3E4860B741439D35E4099869D20D390BB2A7DFF0D8ADCF76D663D7E692C32BC59D561E2770AA378BC918986332FC691A49C
                                      Malicious:false
                                      Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .1.3./.1.2./.2.0.2.4. . .0.7.:.4.1.:.0.3. .=.=.=.....

                                      C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-12-13 07-40-54-834.log

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:ASCII text, with very long lines (393)
                                      Category:dropped
                                      Size (bytes):16525
                                      Entropy (8bit):5.361022727805069
                                      Encrypted:false
                                      SSDEEP:384:cBD67lQV4j1MOuD/btX+wknz+fzTqyorqz3tVFr84AbAYpfFWbWt+Fjwn0z5O+Wf:4M5
                                      MD5:70A2D078BEFD5E910EE035832171B399
                                      SHA1:1AB91914ECD7852E512C73437D30013594A16FB0
                                      SHA-256:2B55DE84E5446FD295128DAD5827122E98AC784F96A1F422B711B14E8F7DB1ED
                                      SHA-512:9FF36D4E320A8791AB0B87F24CAB4CBE777D9E8A3A64D26AF419132CDFDFCCD9A253EE9854032C4C87C546187951077F869CBCBDC9513278C557FC4895C7DBBC
                                      Malicious:false
                                      Preview:SessionID=1936179e-ff16-44f8-b471-8d99801d7fe3.1696501837158 Timestamp=2023-10-05T12:30:37:158+0200 ThreadID=4884 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=1936179e-ff16-44f8-b471-8d99801d7fe3.1696501837158 Timestamp=2023-10-05T12:30:37:159+0200 ThreadID=4884 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=1936179e-ff16-44f8-b471-8d99801d7fe3.1696501837158 Timestamp=2023-10-05T12:30:37:159+0200 ThreadID=4884 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=1936179e-ff16-44f8-b471-8d99801d7fe3.1696501837158 Timestamp=2023-10-05T12:30:37:159+0200 ThreadID=4884 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=1936179e-ff16-44f8-b471-8d99801d7fe3.1696501837158 Timestamp=2023-10-05T12:30:37:159+0200 ThreadID=4884 Component=ngl-lib_NglAppLib Description="SetConfig:

                                      C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:ASCII text, with very long lines (393), with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):15114
                                      Entropy (8bit):5.359217025220157
                                      Encrypted:false
                                      SSDEEP:384:v8I1I4hQ/tOWDSOngHk5AG5jQjwjHjojo6ysZpBr4zLpHPZWKaFmLm1CDSHAH2fR:6DWH
                                      MD5:613AFA0B9AC46A1843397B0A2E52ACC5
                                      SHA1:0D7D7C26FC3F2A5904DEB2739E6ABE3A268AD0CB
                                      SHA-256:0C2263884A9C2F35F378B324A2A54032BA1D4BBF104F702718D649CD57B61490
                                      SHA-512:4469F1A6DF7B313BAB387275AF5D093AEC14C81AACAE07534D7E95B2974A01BD6B3DC960BC53F799F9B23084C3781DB05821C0400076534A3EC5555FD63DACF4
                                      Malicious:false
                                      Preview:SessionID=53e0469e-2e35-4f39-b1cb-9f48bb652c3f.1734093654894 Timestamp=2024-12-13T07:40:54:894-0500 ThreadID=4560 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=53e0469e-2e35-4f39-b1cb-9f48bb652c3f.1734093654894 Timestamp=2024-12-13T07:40:54:895-0500 ThreadID=4560 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=53e0469e-2e35-4f39-b1cb-9f48bb652c3f.1734093654894 Timestamp=2024-12-13T07:40:54:895-0500 ThreadID=4560 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=53e0469e-2e35-4f39-b1cb-9f48bb652c3f.1734093654894 Timestamp=2024-12-13T07:40:54:895-0500 ThreadID=4560 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=53e0469e-2e35-4f39-b1cb-9f48bb652c3f.1734093654894 Timestamp=2024-12-13T07:40:54:895-0500 ThreadID=4560 Component=ngl-lib_NglAppLib Description="SetConf

                                      C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):29752
                                      Entropy (8bit):5.403468211459407
                                      Encrypted:false
                                      SSDEEP:192:zcbaIGkcbIcbiIICcbBOQQ0fQNCHPaPOhWPOA3mbSAcbsGC9GZPOdIzZMJzV3ZmJ:EGvIcNYdp+B
                                      MD5:B910DB7F3DE8EB9439A321FFF44A14AE
                                      SHA1:2E8876BB94137EBE2E4BF327F4F8C2EC8A13C767
                                      SHA-256:325B4944E0CADC8B42D3DB2E30DF1592696BE983FCAF58D3578A3F74ABFA669B
                                      SHA-512:97A74FADB32D4323C16C43E92FB86FA4847F2ADE1FF43DB4E161AC9EB9C61ADFCB4ACCDAEF2CA1A1ADC3C65491225AC0DCFB9CA4C95E4249BEE5AFF991148694
                                      Malicious:false
                                      Preview:05-10-2023 11:50:33:.---2---..05-10-2023 11:50:33:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 11:50:33:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 11:50:33:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..05-10-2023 11:50:33:.AcroNGL Integ ADC-4240758 : Starting NGL..05-10-2023 11:50:33:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...05-10-2023 11:50:33:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..05-10-2023 11:50:33:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..05-10-2023 11:50:33:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..05-10-2023 11:50:33:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..05-10-2023 11:50:33:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..05-10-2023 11:50:33:.Closing File..05-10-

                                      C:\Users\user\AppData\Local\Temp\acrocef_low\15745305-b379-4943-ad71-fad1b65028c3.tmp

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 647360
                                      Category:dropped
                                      Size (bytes):1407294
                                      Entropy (8bit):7.97605879016224
                                      Encrypted:false
                                      SSDEEP:24576:/x3kwYIGNPldpy6mlind9j2kvhsfFXpAXDgrFBU2/R07mWL07oXGZd:JUwZGP3mlind9i4ufFXpAXkrfUs0CWLk
                                      MD5:F802B2C46078F3A816EB5B7B794314DE
                                      SHA1:CEB302D8C10E73D852FB708F6E1DF331CAD90686
                                      SHA-256:03C434F9C0BB9AD6567C54172CDDE58AFF50F7FF22C205358285AE5F19376138
                                      SHA-512:243DEC1D17838AA6147A49438ECC8F5628F5DA1E461A6829865F81E6771F3030242E38A544760535D72473A679CB08FEE2EECB32E78885767D1B1AB2092B2C26
                                      Malicious:false
                                      Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                                      C:\Users\user\AppData\Local\Temp\acrocef_low\2653160e-a1f1-49d1-88ca-68ebba23d75c.tmp

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                                      Category:dropped
                                      Size (bytes):386528
                                      Entropy (8bit):7.9736851559892425
                                      Encrypted:false
                                      SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                                      MD5:5C48B0AD2FEF800949466AE872E1F1E2
                                      SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                                      SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                                      SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                                      Malicious:false
                                      Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

                                      C:\Users\user\AppData\Local\Temp\acrocef_low\5d4232dd-318a-455a-b684-951ef60ea4ca.tmp

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 921996
                                      Category:dropped
                                      Size (bytes):386528
                                      Entropy (8bit):7.9736851559892425
                                      Encrypted:false
                                      SSDEEP:6144:rBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOFjNOX1Lj3vfE4JvWTlP:r+Tegs661ybxrr/IxkB1mabFhOXZ/fEh
                                      MD5:C14EBC9A03804BAB863F67F539F142C6
                                      SHA1:FD44F63771819778149B24DD4B073940F5D95BFA
                                      SHA-256:A495629FA5E71EE50BB96F9C4CAEAC46E8B44BFC3F910A073348258F63DFAFCE
                                      SHA-512:8ED832A54A3925914E3BCFC96A3ABFF63A511ADAC79A869AD1569BB175CC1AF84E6C2BD20FA2187A5C3B733625EDE5D95C2172B24ED2F252835689F6D4A0F5A2
                                      Malicious:false
                                      Preview:...........[l\[.......p.a$..$.K...&%J.J...Wuo..dI.vk4.E..P.u..(.....1.I....A...............0.....$ctg.H.'....@.Zk...~.s.A]M.A..:g?.^{...cjL...X..#.Q{......z...m...K.U]-..^V.........@..P...U.R..z.......?......]nG..O{..n........y...v7...~C#..O.z...:...H&..6M;........c..#.y4u.~6.?...V?.%?SW.....K...[..`N.i.1..:..@?i.Q..O...`.....m.!y.{...?=.. .....Zk......%.6......o<.....yA}......no......u,.....U...a.......[S.n..`.....:...1......X..u.u...`..B=.&M.y..s.....}.i..l.'u]. ...6.s`....zdN.F.>;.d%D..}3..b..~..k.......,hl.j..._...F..p.z..o...C..,.Ss.u.Xd..a.Y.{.p...?.k..t,&..'...........^.f.hg....y..Y...i..m....<..^......yK.......;.5...E...K..Q.;k..|;..B.{m..eS..>b..>...6...wmC.i.....wv..k..{..X...RB.P..?w......1l.H..{{.`g.P.8.Z..v_.G.....f.%+z.....p.P..u}.T.....~r]..W7..._..c.k.....@....y.K...uOSj........^....B..]..~{..;...c....r.J.m.S.}.....k....u*^...5./...{......3.I.p.t...V..........W-..|.K.N.....n.........Bl...#)..;..4.x.....'....A....x..

                                      C:\Users\user\AppData\Local\Temp\acrocef_low\6046b2d4-1a58-4dad-9a87-227a5dbb08a0.tmp

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                                      Category:dropped
                                      Size (bytes):758601
                                      Entropy (8bit):7.98639316555857
                                      Encrypted:false
                                      SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                                      MD5:3A49135134665364308390AC398006F1
                                      SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                                      SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                                      SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                                      Malicious:false
                                      Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

                                      C:\Users\user\AppData\Local\Temp\acrocef_low\63dabc7e-6e48-46e4-939b-f9c8027823e4.tmp

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                                      Category:dropped
                                      Size (bytes):1419751
                                      Entropy (8bit):7.976496077007677
                                      Encrypted:false
                                      SSDEEP:24576:6D0WL07oXGZuwYIGNPJNdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:c0WLxXGZuwZGh3mlind9i4ufFXpAXkru
                                      MD5:8BB0FA47E49F27DE069D5487A9A84EF3
                                      SHA1:CE5CEA72D4D36F77C3057920EA61D280E66C6067
                                      SHA-256:59D05E069918050C54C570005FAD7FB3918D9882759A54BDA30EA71A199893D1
                                      SHA-512:6C015030D629B0E262B47194D38D48B327FE18F7836210CAE6A71800720D7563FEA529F71596A11CD3A833490F0097D69EB96C80E64AEAB410759B45C5EEF24E
                                      Malicious:false
                                      Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                                      C:\Users\user\AppData\Local\Temp\acrocef_low\7883c07f-2cdb-4925-a98b-bf2b1b1cf58d.tmp

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                                      Category:dropped
                                      Size (bytes):758601
                                      Entropy (8bit):7.98639316555857
                                      Encrypted:false
                                      SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                                      MD5:3A49135134665364308390AC398006F1
                                      SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                                      SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                                      SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                                      Malicious:false
                                      Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

                                      C:\Users\user\AppData\Local\Temp\acrocef_low\7b3021ab-86be-4c0d-81b3-c3ebd6163536.tmp

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                                      Category:dropped
                                      Size (bytes):386528
                                      Entropy (8bit):7.9736851559892425
                                      Encrypted:false
                                      SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                                      MD5:5C48B0AD2FEF800949466AE872E1F1E2
                                      SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                                      SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                                      SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                                      Malicious:false
                                      Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

                                      C:\Users\user\AppData\Local\Temp\acrocef_low\8163c8d5-6db1-45ed-a25e-d76f35a5824e.tmp

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 30130
                                      Category:dropped
                                      Size (bytes):758601
                                      Entropy (8bit):7.98639316555857
                                      Encrypted:false
                                      SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+fDERXTJJJJZ:O3Pjegf121YS8lkipdjMMNB1DofjEiJP
                                      MD5:B7C70D61EA40E219CEC3F01A7D798EF1
                                      SHA1:DC9D53253C2C889022E73E5F421B511FCAE18B33
                                      SHA-256:683BF470C65BE1E4F4C29B553371D254223B683D7526ABCDDD86E8677188764D
                                      SHA-512:EBDD3E7491741E4AA5450BC7751352EAF811ABF996ED228DBF42E979B4963BA724EC22226340118FC57CA99FB9876F4B47AF28CA62FC4FDBD2B3028A0D921012
                                      Malicious:false
                                      Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

                                      C:\Users\user\Documents\OUCH_SOKHENG.pdf

                                      Download File
                                      Process:C:\Users\user\Desktop\FINAL_PDF.exe
                                      File Type:PDF document, version 1.5, 2 pages
                                      Category:dropped
                                      Size (bytes):352153
                                      Entropy (8bit):7.987392790928902
                                      Encrypted:false
                                      SSDEEP:6144:QmYn+v7HTxC1iY2JxiwZPaSkq1zeViHJ1cofqGL5jSfFLrSs/DKvOz:Rg+v7AQY2JxiGPaSt1KViHJ1cofpstfd
                                      MD5:A1F5622DDD5E328E8873DBBCF9203F6D
                                      SHA1:6A58637823B264D8858B91C8F0A5C501E0F70EFB
                                      SHA-256:A1E96ED0D011F7731B7DABCDDF559A19DD1B3C7C453122D44F8477CF21507E7B
                                      SHA-512:A7675EE6D4F5028763F497323F56230C7B1CFCEEFC54461514FA1BC347667B49AB92D65857FA281A33C94D68D5C05913F282D68A60DB6597C7F7612DDDDCD945
                                      Malicious:false
                                      Preview:%PDF-1.5.%.....9 0 obj.<<./Filter /FlateDecode./Length 158892./Length1 361412.>>.stream.x...|SU...}/I.,m.M.M..i.n.....h-[i.)kKY.T.........\......4 .AE.eFQg.q....E....M~....?....|~9....s.s.w_....D...+.jG.o....,4..T.W6^......I...*.U....P`m........\h.a..@..9nl.l........[F68.O.....W..w.m..o.b...Sl..uNK..u)O.8...,j.l.....Q.eX...Y....Y9.MI.....2..b....v..ge..}...{....6.e..m7b..czQ..4{....tHm..`....(...`..f.$;+.5`..?...s[[.}tM+0X..?aN.v....{.....\...=.cq<...KZ....|..X.>.......x.....<........0.`V1:...VX#....0-l......{?_...!..z..A...q.7.. .r...;..r....RM.$<.[.`.h..D,...4.....e .......7....D..:<!@0.aA.(....0dy.C..Xm..{t...F..W..Aw.f#0/O...C.H!R..........?SdKa.l..=[.\.k...ON.......6u.y!........^V..../.q?....zdW....le.o@}Z.%......Av.......T~$(...2.J|.&.5.F.S.D\wz.'...g......^W_y9...?{YE....x.4.[..9m.........\.8k..A.Z...5..l....g.{.....M..A.o...z...W..}.o.....E...gi@.......a...G......}.o..*X.[../..`...._.X....#0...f..)...>\....*.....}.B.\....#. n.

                                      Static File Info

                                      General

                                      File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Entropy (8bit):6.086336007722186
                                      TrID:
                                      • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                      • Win32 Executable (generic) a (10002005/4) 49.97%
                                      • Generic Win/DOS Executable (2004/3) 0.01%
                                      • DOS Executable Generic (2002/1) 0.01%
                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                      File name:FINAL_PDF.exe
                                      File size:1'671'240 bytes
                                      MD5:290905106503753d8bd791403e04fb04
                                      SHA1:a9ba718e1742482506325c18b3559f2282528343
                                      SHA256:32e950b63131f1aaf640047618a1ac8e380131c01d5a1a823dce9711308272e3
                                      SHA512:e2006e865ecfbcd96a3700ff81ddbe49f62c237454b0ba50992b2e74c5db661d41363fee0192b19c564047017fc67a3a1608a9570672211f81dcf40aaed9ab3e
                                      SSDEEP:24576:PZ8ghl4h2ClfoNxfHyHXyRGGp/rTNqtW6RpE0m9Amj:PZ8gPzChmxfHyHilp/rxozRPyb
                                      TLSH:7675F14973D4DA54FABF2739687409050F72FC1B9C32E65D2289A1AE2D32B528D21F73
                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...F../.........."...P.............^.... ........@.. ....................................`................................

                                      File Icon

                                      Icon Hash:357561d6dad24d55

                                      Static PE Info

                                      General

                                      Entrypoint:0x58a35e
                                      Entrypoint Section:.text
                                      Digitally signed:true
                                      Imagebase:0x400000
                                      Subsystem:windows gui
                                      Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                      DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                      Time Stamp:0x2FC3FD46 [Thu May 25 03:45:10 1995 UTC]
                                      TLS Callbacks:
                                      CLR (.Net) Version:
                                      OS Version Major:4
                                      OS Version Minor:0
                                      File Version Major:4
                                      File Version Minor:0
                                      Subsystem Version Major:4
                                      Subsystem Version Minor:0
                                      Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                      Authenticode Signature

                                      Signature Valid:false
                                      Signature Issuer:CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB
                                      Signature Validation Error:The digital signature of the object did not verify
                                      Error Number:-2146869232
                                      Not Before, Not After
                                      • 17/02/2022 19:00:00 17/02/2025 18:59:59
                                      Subject Chain
                                      • CN=Tim Kosse, O=Tim Kosse, S=Nordrhein-Westfalen, C=DE
                                      Version:3
                                      Thumbprint MD5:D2F88AEA5C53DD7092E3CD7246907BE2
                                      Thumbprint SHA-1:E57CE01F6A5E1D4C522BC68488AF53D9BAD13AB7
                                      Thumbprint SHA-256:ED619A9A79713E12FFB757CF8A51BBA89FBB967EC6223C653F1F8932B0E2A25A
                                      Serial:31830C370AD7E497633B6EB3A02D69E6

                                      Entrypoint Preview

                                      Instruction
                                      jmp dword ptr [00402000h]
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al

                                      Data Directories

                                      NameVirtual AddressVirtual Size Is in Section
                                      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                      IMAGE_DIRECTORY_ENTRY_IMPORT0x18a3080x53.text
                                      IMAGE_DIRECTORY_ENTRY_RESOURCE0x18c0000xc6bc.rsrc
                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                      IMAGE_DIRECTORY_ENTRY_SECURITY0x1950000x3048.rsrc
                                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x19a0000xc.reloc
                                      IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                      IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                      IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                      Sections

                                      NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                      .text0x20000x1883640x188400697e0d488044b16edee6d07411add435False0.6272674424394519data6.0849706978923175IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                      .rsrc0x18c0000xc6bc0xc800c0b0239fcd6c691eb375274aeca48798False0.2355078125data4.4973988309387485IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                      .reloc0x19a0000xc0x200d5584762463d9aa4dfbebe15763dffd8False0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                      Resources

                                      NameRVASizeTypeLanguageCountryZLIB Complexity
                                      RT_ICON0x18c2380x18dePNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced0.9696826892868363
                                      RT_ICON0x18db180x4228Device independent bitmap graphic, 64 x 128 x 32, image size 168960.08974964572508266
                                      RT_ICON0x191d400x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 96000.12935684647302906
                                      RT_ICON0x1942e80x1a68Device independent bitmap graphic, 40 x 80 x 32, image size 67200.16553254437869822
                                      RT_ICON0x195d500x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 42240.21106941838649157
                                      RT_ICON0x196df80x988Device independent bitmap graphic, 24 x 48 x 32, image size 24000.29508196721311475
                                      RT_ICON0x1977800x6b8Device independent bitmap graphic, 20 x 40 x 32, image size 16800.33313953488372094
                                      RT_ICON0x197e380x468Device independent bitmap graphic, 16 x 32 x 32, image size 10880.4592198581560284
                                      RT_GROUP_ICON0x1982a00x76data0.7457627118644068
                                      RT_VERSION0x1983180x3a4data0.44635193133047213

                                      Imports

                                      DLLImport
                                      mscoree.dll_CorExeMain

                                      Network Behavior

                                      Network Port Distribution

                                      TCP Packets

                                      TimestampSource PortDest PortSource IPDest IP
                                      Dec 13, 2024 13:40:20.462347984 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:20.462394953 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:20.462455034 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:20.474509954 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:20.474531889 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:21.856905937 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:21.856981039 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:21.861138105 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:21.861157894 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:21.861582041 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:21.907443047 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:21.947735071 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:21.991336107 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:22.366969109 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:22.366992950 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:22.367048025 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:22.367065907 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:22.367100000 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:22.375231028 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:22.375317097 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:22.392445087 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:22.392514944 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:22.473602057 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:22.473665953 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:22.562628031 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:22.562781096 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:22.574569941 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:22.574681044 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:22.581048012 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:22.581127882 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:22.593725920 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:22.593816042 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:22.605989933 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:22.606131077 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:22.612446070 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:22.612565994 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:22.625652075 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:22.625835896 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:22.708590031 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:22.708723068 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:22.753437042 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:22.753566027 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:22.757571936 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:22.757663965 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:22.765295029 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:22.765371084 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:22.773139954 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:22.773221970 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:22.777142048 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:22.777236938 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:22.785329103 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:22.785408974 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:22.792603970 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:22.792670012 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:22.796627998 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:22.796694994 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:22.804501057 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:22.804579020 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:22.814588070 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:22.814677000 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:22.816456079 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:22.816524982 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:22.824301958 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:22.824426889 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:22.831864119 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:22.831984997 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:22.835799932 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:22.835897923 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:22.900219917 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:22.900279045 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:22.943639040 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:22.943730116 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:22.948308945 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:22.948375940 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:22.953572989 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:22.953650951 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:22.959361076 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:22.959445953 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:22.965347052 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:22.965414047 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:22.968949080 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:22.969008923 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:22.973150015 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:22.973221064 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:22.975979090 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:22.976042986 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:22.978141069 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:22.978194952 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:22.982084990 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:22.982132912 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:22.985549927 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:22.985600948 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:22.987438917 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:22.987498999 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:22.991077900 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:22.991137028 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:22.995261908 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:22.995310068 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:22.997080088 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:22.997127056 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.001010895 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.001060963 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.005299091 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.005354881 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.007404089 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.007462025 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.011029959 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.011101961 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.015410900 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.015544891 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.016721010 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.016793966 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.020869970 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.020941019 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.022633076 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.022695065 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.092688084 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.092782021 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.094616890 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.094676971 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.137818098 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.137907028 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.139431000 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.139502048 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.141900063 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.141979933 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.145612001 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.145675898 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.148593903 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.148653984 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.149445057 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.149565935 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.154426098 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.154484987 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.155332088 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.155385017 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.156534910 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.156595945 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.158675909 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.158741951 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.160892963 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.160959005 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.162218094 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.162277937 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.164295912 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.164356947 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.166414022 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.166472912 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.168668032 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.168725014 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.169790030 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.169841051 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.172080994 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.172132015 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.173259974 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.173310995 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.174099922 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.174149036 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.175431967 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.175506115 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.177630901 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.177696943 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.179620028 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.179697037 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.180749893 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.180805922 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.183032990 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.183104038 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.185192108 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.185251951 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.187351942 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.187417030 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.188564062 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.188623905 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.190680981 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.190754890 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.192951918 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.193017960 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.292541027 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.292678118 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.293826103 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.293898106 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.346106052 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.346188068 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.346841097 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.346899033 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.348933935 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.348989964 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.351139069 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.351200104 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.352279902 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.352338076 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.354454041 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.354547977 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.356673002 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.356735945 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.357844114 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.357906103 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.360042095 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.360126019 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.362282991 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.362349033 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.363528013 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.363579988 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.365576982 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.365648985 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.367674112 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.367738962 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.368799925 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.368865967 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.371195078 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.371254921 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.373208046 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.373270035 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.374398947 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.374463081 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.376597881 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.376663923 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.378745079 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.378803968 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.380434990 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.380507946 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.382628918 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.382697105 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.383982897 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.384082079 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.386003017 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.386065960 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.388051987 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.388118029 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.389363050 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.389425039 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.391443014 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.391514063 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.393584013 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.393649101 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.394799948 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.394871950 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.397006035 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.397057056 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.399058104 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.399115086 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.555742025 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.555824041 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.557157040 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.557215929 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.583811998 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.583892107 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.585365057 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.585423946 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.586514950 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.586791992 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.588713884 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.588772058 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.590833902 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.590890884 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.592044115 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.592114925 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.594182014 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.594238997 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.596363068 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.596414089 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.598491907 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.598546982 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.599750996 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.599806070 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.601830006 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.601882935 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.604041100 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.604099989 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.605237961 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.605290890 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.607352018 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.607404947 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.609529018 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.609586000 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.610759974 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.610832930 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.612859964 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.612940073 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.615073919 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.615164995 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.616718054 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.616776943 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.618912935 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.618985891 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.620064974 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.620124102 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.622174978 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.622239113 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.624350071 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.624412060 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.625591040 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.625652075 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.627665997 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.627746105 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.629875898 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.629930019 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.631232023 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.631300926 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.633358002 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.633440018 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.635622025 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.635689020 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.636843920 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.636915922 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.748212099 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.748347998 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.749598980 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.749671936 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.775410891 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.775535107 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.777312994 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.777403116 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.778532028 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.778609037 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.780630112 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.780709028 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.782844067 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.782905102 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.784061909 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.784142971 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.786313057 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.786395073 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.788434029 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.788528919 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.789627075 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.789707899 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.791790009 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.791870117 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.793915033 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.793992996 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.795068026 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.795140982 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.797336102 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.797409058 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.799458027 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.799525023 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.801623106 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.801702023 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.802792072 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.802856922 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.804862976 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.804929018 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.807076931 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.807162046 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.808254004 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.808334112 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.809931993 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.809990883 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.812212944 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.812285900 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.814244986 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.814321995 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.815361977 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.815438032 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.817624092 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.817694902 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.819726944 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.819787025 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.821979046 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.822043896 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.823136091 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.823195934 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.825272083 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.825336933 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.827441931 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.827506065 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.828723907 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.828790903 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.940664053 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.940804958 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.941637993 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.941710949 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.968534946 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.968600035 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.970196009 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.970263004 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.971636057 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.971703053 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.973736048 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.973810911 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.975014925 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.975081921 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.977139950 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.977195024 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.979254007 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.979487896 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.980442047 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.980503082 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.982640982 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.982712030 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.984740019 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.984822035 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.985995054 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.986058950 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.988236904 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.988311052 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.990362883 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.990442038 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.991542101 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.991601944 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.993717909 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.993784904 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.995824099 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.995882034 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.997941017 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.997996092 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:23.999149084 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:23.999208927 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.001225948 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.001285076 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.003012896 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.003072023 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.005101919 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.005172968 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.006331921 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.006393909 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.008615017 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.008687019 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.010607004 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.010674953 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.011847019 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.011915922 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.014054060 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.014123917 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.016139030 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.016210079 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.018337965 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.018384933 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.019536018 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.019646883 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.021626949 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.021682978 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.132647038 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.132786989 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.134809017 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.134886026 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.162394047 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.162525892 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.163623095 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.163702011 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.165757895 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.165818930 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.167890072 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.167956114 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.169117928 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.169177055 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.171422958 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.171509981 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.173410892 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.173468113 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.174566031 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.174618959 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.176805019 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.176865101 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.178864002 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.178927898 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.181098938 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.181159973 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.182284117 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.182343006 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.184362888 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.184417963 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.186642885 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.186702013 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.187844992 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.187901974 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.189889908 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.189966917 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.192092896 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.192172050 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.193335056 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.193389893 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.195514917 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.195576906 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.197145939 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.197206974 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.199227095 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.199297905 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.201436043 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.201534986 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.202713013 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.202774048 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.204777956 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.204858065 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.206983089 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.207046986 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.208220005 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.208292961 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.210453987 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.210515976 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.212522984 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.212599039 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.213704109 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.213792086 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.324779987 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.324928045 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.325350046 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.325411081 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.353831053 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.353981972 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.355154037 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.355258942 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.357148886 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.357208967 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.358355045 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.358408928 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.360491037 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.360579967 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.362643003 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.362723112 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.363842964 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.363893032 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.365997076 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.366050005 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.368113995 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.368170023 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.369404078 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.369463921 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.371588945 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.371655941 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.373650074 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.373728037 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.374826908 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.374888897 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.377055883 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.377110958 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.379105091 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.379158020 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.380337000 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.380392075 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.382503986 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.382556915 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.384618044 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.384669065 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.385786057 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.385834932 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.388061047 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.388113976 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.389755964 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.389816999 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.391836882 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.391908884 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.393970966 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.394052029 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.395165920 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.395215034 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.397358894 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.397428036 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.399679899 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.399733067 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.400677919 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.400734901 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.402863979 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.402918100 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.405009985 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.405085087 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.406308889 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.406361103 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.516710997 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.516815901 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.517260075 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.517318964 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.546546936 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.546617985 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.547081947 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.547132969 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.548897982 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.548949003 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.551028013 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.551083088 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.553271055 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.553322077 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.554413080 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.554461956 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.556459904 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.556519985 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.558660984 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.558712959 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.559910059 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.560072899 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.561980009 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.562036991 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.564158916 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.564209938 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.565392971 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.565442085 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.567487955 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.567538977 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.569724083 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.569793940 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.570874929 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.570920944 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.573107958 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.573175907 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.575193882 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.575249910 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.576396942 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.576442957 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.578659058 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.578739882 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.580672979 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.580729008 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.582380056 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.582422018 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.584650993 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.584700108 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.585793018 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.585844994 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.588042974 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.588090897 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.590058088 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.590106010 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.591200113 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.591253996 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.593533993 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.593583107 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.595596075 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.595642090 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.596781969 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.596832037 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.598988056 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.599034071 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.709333897 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.709415913 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.710694075 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.710753918 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.738358974 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.738423109 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.739844084 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.739905119 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.741151094 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.741218090 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.743383884 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.743438005 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.745373964 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.745430946 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.747553110 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.747622967 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.748776913 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.748826981 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.750895977 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.750957966 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.753101110 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.753154039 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.754277945 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.754328012 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.756424904 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.756480932 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.758656025 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.758722067 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.759802103 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.759846926 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.761915922 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.761974096 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.764125109 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.764183044 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.765326023 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.765379906 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.767558098 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.767613888 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.769644022 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.769700050 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.770849943 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.770915985 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.773494005 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.773550987 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.774744034 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.774804115 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.776798964 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.776866913 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.778995991 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.779056072 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.780241013 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.780302048 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.782320023 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.782373905 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.784496069 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.784557104 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.785727978 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.785794973 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.787916899 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.787975073 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.790019035 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.790189981 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.791239023 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.791296959 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.901664972 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.901774883 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.903321981 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.903393030 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.930474997 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.930558920 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.932382107 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.932444096 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.933604956 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.933660030 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.935868979 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.935926914 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.937895060 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.937952995 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.939172983 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.939224958 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.941395998 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.941453934 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.943491936 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.943542957 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.944709063 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.944756985 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.946918964 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.946965933 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.948952913 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.949007988 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.951118946 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.951179981 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.952379942 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.952450991 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.954549074 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.954615116 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.956645966 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.956724882 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.957869053 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.957942963 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.959930897 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.959988117 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.962147951 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.962208033 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.963386059 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.963437080 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.965475082 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.965528011 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.967211008 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.967262983 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.969364882 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.969415903 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.971504927 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.971554995 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.972814083 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.972863913 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.974797010 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.974837065 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.977054119 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.977124929 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.977135897 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.977175951 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.978250980 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.978307009 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.980356932 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.980406046 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.982487917 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.982544899 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:24.983804941 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:24.983859062 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.094336987 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.094412088 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.095429897 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.095483065 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.123111963 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.123209953 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.125068903 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.125123024 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.126313925 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.126369953 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.128369093 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.128433943 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.130590916 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.130641937 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.131865978 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.131917000 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.134723902 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.134768963 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.136884928 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.136938095 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.137959957 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.138009071 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.140489101 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.140538931 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.142695904 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.142743111 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.144052029 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.144108057 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.146464109 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.146512985 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.148531914 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.148581028 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.149446964 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.149487019 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.151294947 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.151344061 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.152928114 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.152971983 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.154071093 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.154114962 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.156681061 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.156740904 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.157685995 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.157754898 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.159914017 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.159960985 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.162077904 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.162139893 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.163182974 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.163229942 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.165381908 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.165430069 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.167574883 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.167623043 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.168701887 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.168752909 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.171107054 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.171159983 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.173130989 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.173177004 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.174341917 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.174398899 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.176408052 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.176490068 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.286608934 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.286699057 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.289449930 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.289521933 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.315531969 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.315640926 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.317790985 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.317871094 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.318803072 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.318882942 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.321089029 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.321152925 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.323311090 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.323379040 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.324389935 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.324460983 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.326658964 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.326719999 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.328838110 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.328888893 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.330127954 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.330182076 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.332325935 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.332396984 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.334312916 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.334367990 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.335406065 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.335460901 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.337661028 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.337718010 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.340001106 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.340058088 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.342037916 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.342087030 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.343375921 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.343452930 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.345236063 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.345290899 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.347429991 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.347482920 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.348762989 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.348829985 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.350327015 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.350393057 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.352490902 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.352555990 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.354568958 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.354619980 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.355789900 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.355845928 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.357991934 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.358052015 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.360151052 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.360223055 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.362443924 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.362518072 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.363506079 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.363569021 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.365705013 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.365765095 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.367882013 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.367948055 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.478905916 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.478979111 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.479350090 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.479403019 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.507673025 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.507752895 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.508054018 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.508117914 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.509918928 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.509999037 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.512269974 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.512350082 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.513560057 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.513629913 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.515400887 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.515472889 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.517600060 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.517671108 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.518788099 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.518846035 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.521002054 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.521064043 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.523087025 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.523144960 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.524295092 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.524350882 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.526562929 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.526613951 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.526649952 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.528719902 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.528774023 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.529937983 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.529988050 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.532241106 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.532320023 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.534159899 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.534224033 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.535398960 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.535459995 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.537636042 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.537688017 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.539803028 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.539868116 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.542228937 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.542283058 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.543732882 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.543788910 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.544692039 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.544748068 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.546896935 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.546951056 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.549133062 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.549192905 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.550338030 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.550398111 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.552480936 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.552530050 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.554645061 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.554714918 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.555696964 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.555752993 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.558048964 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.558105946 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.560816050 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.560878992 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.671936989 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.672055006 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.673408985 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.673492908 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.701029062 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.701198101 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.702706099 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.703022003 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.703655005 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.703766108 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.705840111 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.705955029 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.707389116 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.707477093 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.707982063 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.708060980 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.711041927 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.711158037 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.712421894 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.712502003 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.713502884 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.713570118 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.715686083 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.715764999 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.717853069 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.717915058 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.719049931 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.719109058 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.721173048 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.721246958 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.723349094 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.723421097 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.724513054 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.724577904 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.726588964 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.726639032 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.728780985 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.728857040 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.729962111 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.730027914 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.732167006 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.732249022 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.734253883 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.734313011 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.735826969 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.735888004 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.738594055 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.738673925 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.739697933 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.739764929 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.741564035 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.741627932 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.743633986 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.743699074 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.744826078 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.744898081 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.747061968 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.747134924 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.749221087 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.749305010 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.750403881 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.750478983 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.752552032 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.752650023 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.865936995 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.866070032 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.867105007 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.867191076 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.896508932 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.896632910 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.897789001 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.897876024 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.899815083 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.899903059 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.901082039 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.901159048 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.903218031 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.903289080 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.905422926 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.905483007 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.906744957 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.906835079 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.908646107 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.908710003 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.910880089 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.910943031 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.911986113 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.912046909 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.914138079 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.914196014 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.916495085 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.916557074 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.917625904 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.917860031 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.919822931 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.919903994 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.921883106 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.921953917 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.923504114 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.923571110 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.925276995 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.925338030 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.927469969 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.927562952 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.928709030 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.928786039 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.931359053 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.931440115 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.932539940 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.932632923 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.934626102 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.934725046 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.936821938 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.936912060 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.938015938 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.938106060 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.940196991 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.940293074 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.942331076 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.942419052 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.943562984 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.943622112 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.945735931 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.945825100 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.947940111 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.948009014 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:25.949091911 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:25.949155092 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.058757067 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.059004068 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.060214043 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.060302019 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.088311911 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.088422060 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.090022087 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.090147972 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.092360973 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.092468977 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.093961000 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.094028950 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.095880032 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.095947981 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.097623110 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.097687006 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.098870039 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.098954916 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.101044893 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.101133108 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.103351116 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.103418112 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.104379892 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.104446888 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.106597900 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.106669903 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.109040022 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.109169006 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.109967947 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.110032082 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.112174034 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.112241030 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.114274025 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.114331961 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.115444899 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.115530014 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.117613077 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.117685080 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.119729996 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.119807005 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.121982098 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.122047901 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.123625994 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.123693943 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.124850035 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.124919891 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.127284050 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.127358913 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.129194021 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.129256010 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.130328894 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.130393982 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.132735014 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.132807016 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.134679079 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.134767056 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.135849953 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.135920048 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.138053894 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.138132095 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.140116930 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.140182018 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.142224073 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.142291069 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.251179934 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.251291037 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.253030062 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.253109932 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.280975103 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.281040907 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.282124043 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.282180071 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.284301043 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.284349918 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.286462069 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.286525965 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.287619114 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.287669897 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.289812088 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.289864063 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.291946888 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.291997910 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.293286085 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.293544054 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.295381069 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.295440912 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.297481060 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.297554970 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.299635887 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.299707890 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.300832033 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.300889015 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.302927971 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.303004026 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.305716038 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.305774927 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.306911945 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.306977034 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.308515072 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.308557987 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.310656071 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.310724974 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.311793089 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.311856031 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.313945055 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.313992977 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.315702915 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.315779924 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.317811966 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.317868948 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.320002079 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.320066929 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.321213007 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.321269989 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.323327065 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.323381901 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.325545073 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.325598955 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.326726913 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.326786041 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.328937054 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.328988075 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.331242085 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.331322908 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.332459927 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.332515955 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.334337950 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.334393024 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.443743944 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.443820953 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.444938898 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.444993973 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.473453045 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.473521948 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.475487947 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.475545883 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.476702929 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.476767063 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.478893995 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.478951931 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.481000900 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.481081009 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.482173920 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.482223988 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.484363079 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.484422922 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.486490965 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.486552954 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.487682104 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.487742901 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.489850044 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.489912033 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.491939068 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.492017984 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.494293928 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.494347095 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.495461941 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.495517015 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.497510910 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.497559071 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.499669075 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.499721050 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.500900984 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.500952959 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.502963066 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.503032923 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.505148888 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.505203009 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.506844044 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.506894112 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.508059025 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.508109093 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.510271072 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.510325909 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.512440920 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.512492895 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.514568090 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.514621019 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.515825987 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.515876055 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.517879009 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.517925978 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.520045996 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.520093918 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.521311998 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.521358013 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.523605108 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.523715973 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.525583029 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.525655985 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.635227919 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.635359049 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.635801077 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.635868073 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.665241003 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.665376902 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.665653944 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.665733099 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.667704105 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.667799950 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.669903040 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.669982910 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.671114922 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.671189070 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.673249006 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.673314095 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.675466061 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.675543070 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.676525116 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.676584959 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.678812027 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.678881884 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.680983067 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.681168079 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.682096004 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.682158947 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.684307098 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.684389114 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.686572075 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.686642885 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.687627077 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.687688112 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.689743042 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.689805984 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.691890955 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.691956997 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.694083929 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.694154978 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.695225954 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.695291042 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.697355986 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.697406054 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.699568987 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.699631929 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.701240063 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.701294899 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.702493906 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.702547073 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.704627991 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.704685926 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.706732988 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.706803083 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.707962036 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.708014011 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.710199118 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.710256100 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.712229013 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.712289095 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.714427948 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.714484930 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.715599060 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.715658903 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.717761993 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.717833996 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.827253103 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.827382088 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.828119040 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.828180075 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.857053041 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.857115030 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.858442068 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.858498096 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.860624075 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.860690117 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.861895084 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.862189054 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.864065886 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.864115953 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.866154909 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.866223097 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.867363930 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.867412090 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.869463921 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.869509935 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.871644974 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.871704102 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.872833967 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.872893095 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.875082970 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.875159979 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.877167940 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.877209902 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.878379107 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.878428936 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.880578041 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.880623102 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.882705927 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.882770061 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.884901047 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.884946108 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.886158943 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.886203051 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.888262987 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.888309002 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.890369892 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.890409946 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.892071009 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.892119884 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.893301964 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.893347979 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.895389080 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.895441055 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.897536993 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.897578955 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.898793936 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.898858070 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.901017904 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.901071072 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.903013945 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.903059006 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.905447960 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.905509949 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.906661987 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.906709909 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.908734083 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.908807039 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:26.910984039 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:26.911161900 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.019856930 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.019952059 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.021115065 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.021173000 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.050158024 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.050265074 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.051426888 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.051510096 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.053003073 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.053064108 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.055427074 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.055495024 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.056545973 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.056602001 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.060870886 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.060923100 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.061003923 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.061047077 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.062383890 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.062437057 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.064482927 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.064542055 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.066639900 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.066693068 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.067934036 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.067986012 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.069988012 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.070043087 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.072137117 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.072195053 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.073317051 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.073375940 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.075597048 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.075659037 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.078458071 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.078545094 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.079760075 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.079823971 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.081052065 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.081119061 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.083244085 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.083307028 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.084737062 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.084791899 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.086553097 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.086610079 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.087877035 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.087934971 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.090025902 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.090082884 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.092118979 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.092179060 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.093277931 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.093329906 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.095465899 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.095515013 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.097548962 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.097604990 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.099791050 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.099844933 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.101000071 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.101073980 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.104132891 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.104207039 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.211791992 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.211875916 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.213684082 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.213748932 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.241796970 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.242024899 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.243179083 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.243243933 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.245425940 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.245496988 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.247421980 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.247489929 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.248724937 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.248781919 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.250825882 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.250881910 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.252971888 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.253026962 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.254137993 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.254189014 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.256484032 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.256553888 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.258961916 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.259040117 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.261683941 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.261753082 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.262938023 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.263000965 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.264750004 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.264852047 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.266362906 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.266418934 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.267389059 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.267441034 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.269509077 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.269566059 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.271641016 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.271701097 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.272871971 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.272932053 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.274981022 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.275041103 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.276736021 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.276793957 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.278812885 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.278872967 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.281021118 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.281095982 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.282188892 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.282244921 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.284329891 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.284387112 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.286550045 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.286621094 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.287775040 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.287826061 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.289835930 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.289896011 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.292061090 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.292156935 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.293337107 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.293390036 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.295419931 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.295486927 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.404613018 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.404745102 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.406627893 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.406692028 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.457655907 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.457721949 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.458853960 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.458908081 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.461286068 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.461344957 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.462506056 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.462560892 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.464730024 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.464785099 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.466873884 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.466917038 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.469166040 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.469214916 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.470328093 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.470376968 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.472275972 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.472321987 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.474500895 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.474558115 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.475676060 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.475724936 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.477801085 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.477854967 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.479973078 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.480025053 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.481228113 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.481272936 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.483278036 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.483405113 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.485497952 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.485593081 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.486730099 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.486780882 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.488989115 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.489037991 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.491017103 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.491060972 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.492222071 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.492266893 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.494488955 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.494544029 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.496536016 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.496581078 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.496676922 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.497790098 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.497836113 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.500526905 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.500583887 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.501657963 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.501703024 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.503673077 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.503721952 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.503732920 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.503777027 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.505942106 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.505994081 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.507117033 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.507164955 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.509449959 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.509496927 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.511425972 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.511471033 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.598880053 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.599036932 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.600668907 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.600735903 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.650229931 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.650336027 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.652139902 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.652200937 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.653740883 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.653800011 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.655814886 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.655877113 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.657031059 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.657084942 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.659214020 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.659274101 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.661293030 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.661345005 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.662623882 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.662674904 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.664825916 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.664880037 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.666841030 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.666887999 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.669028997 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.669079065 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.670222998 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.670269966 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.672328949 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.672382116 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.674618959 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.674673080 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.675878048 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.675928116 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.677845955 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.677896976 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.680037975 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.680088043 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.681272984 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.681318998 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.683362961 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.683414936 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.685692072 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.685755968 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.686928034 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.686978102 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.688992977 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.689043999 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.691030979 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.691081047 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.692679882 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.692728996 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.694889069 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.694940090 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.696141005 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.696193933 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.698205948 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.698265076 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.700414896 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.700464964 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.701639891 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.701709986 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.790379047 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.790529966 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.791606903 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.791672945 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.841741085 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.841891050 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.842279911 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.842334986 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.844782114 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.844844103 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.845971107 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.846029997 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.848120928 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.848182917 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.850239038 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.850297928 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.851440907 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.851502895 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.853686094 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.853748083 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.855760098 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.855823040 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.856945992 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.857001066 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.859148979 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.859200001 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.861208916 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.861263990 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.862507105 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.862557888 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.864839077 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.864900112 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.866806030 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.866862059 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.868967056 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.869025946 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.870143890 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.870201111 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.872256041 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.872328043 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.874428034 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.874490023 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.875673056 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.875749111 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.877739906 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.877789974 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.880001068 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.880052090 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.881259918 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.881328106 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.883438110 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.883507967 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.885272980 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.885344028 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.887754917 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.887815952 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.890459061 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.890528917 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.891833067 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.891891003 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.893918037 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.893975019 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.895884991 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.895955086 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.982677937 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.982793093 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:27.983339071 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:27.983402967 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.033843994 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.033919096 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.035399914 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.035451889 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.036873102 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.036925077 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.039109945 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.039159060 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.040234089 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.040298939 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.042572021 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.042639017 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.044866085 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.044928074 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.045903921 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.045963049 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.048006058 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.048083067 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.050116062 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.050163984 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.051269054 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.051326990 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.053638935 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.053719997 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.055700064 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.055752039 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.056862116 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.056920052 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.059078932 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.059153080 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.061130047 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.061208010 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.063350916 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.063440084 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.064469099 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.064534903 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.066659927 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.066718102 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.068928957 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.068979025 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.070246935 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.070310116 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.072123051 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.072180986 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.074357986 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.074409008 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.075999022 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.076066017 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.077214003 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.077272892 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.079467058 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.079521894 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.081486940 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.081537962 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.083703995 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.083775997 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.084882975 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.084948063 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.086992025 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.087057114 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.175091982 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.175302029 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.176740885 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.176812887 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.226329088 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.226524115 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.227736950 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.227799892 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.229350090 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.229413033 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.231434107 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.231501102 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.233629942 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.233695030 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.235049009 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.235111952 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.236975908 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.237040043 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.239132881 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.239197969 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.240396023 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.240459919 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.242594004 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.242660046 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.244668961 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.244739056 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.245866060 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.245923042 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.248066902 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.248130083 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.250159979 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.250219107 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.251401901 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.251461029 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.253609896 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.253673077 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.255644083 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.255705118 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.256949902 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.257010937 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.259223938 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.259285927 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.261147022 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.261209011 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.263402939 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.263462067 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.264600992 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.264663935 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.266640902 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.266700029 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.268487930 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.268541098 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.270520926 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.270585060 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.271752119 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.271814108 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.273947001 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.274008989 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.276125908 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.276187897 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.277282953 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.277345896 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.279459953 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.279521942 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.367974997 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.368158102 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.369182110 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.369256973 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.419003963 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.419189930 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.420167923 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.420365095 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.422641039 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.422714949 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.423919916 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.423995018 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.426078081 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.426150084 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.428129911 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.428193092 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.429395914 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.429460049 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.431447029 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.431509972 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.433649063 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.433705091 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.434921980 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.435000896 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.436851978 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.436906099 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.439043999 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.439099073 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.440294981 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.440346956 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.442485094 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.442547083 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.444674015 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.444736958 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.445768118 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.445828915 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.447937965 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.447998047 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.450114965 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.450172901 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.451333046 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.451415062 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.453504086 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.453563929 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.455651999 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.455713987 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.456948996 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.457026958 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.459808111 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.459871054 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.461040020 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.461098909 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.463051081 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.463110924 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.465013981 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.465080976 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.466187000 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.466239929 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.468364000 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.468422890 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.470484972 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.470561981 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.471615076 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.471683025 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.560060024 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.560302973 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.561800003 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.561866999 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.610940933 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.611022949 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.613009930 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.613075018 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.614927053 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.614985943 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.616213083 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.616270065 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.618395090 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.618463993 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.620408058 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.620479107 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.622620106 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.622677088 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.623831987 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.623889923 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.625919104 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.625991106 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.628103018 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.628164053 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.629364967 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.629448891 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.631500006 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.631571054 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.633627892 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.633682966 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.634818077 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.634875059 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.637037992 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.637109041 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.639152050 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.639213085 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.640357018 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.640409946 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.642604113 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.642652035 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.644654989 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.644718885 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.645853043 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.645905972 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.645920992 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.648089886 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.648152113 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.650171041 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.650264025 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.651810884 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.651858091 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.654021978 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.654069901 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.655261040 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.655328035 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.657476902 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.657536983 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.659549952 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.659601927 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.660845041 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.660897017 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.662987947 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.663042068 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.665009022 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.665066004 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.752566099 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.752696991 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.754018068 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.754200935 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.803112984 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.803184032 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.805326939 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.805423975 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.807282925 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.807354927 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.809384108 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.809458971 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.810609102 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.810671091 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.812710047 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.812787056 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.814830065 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.814907074 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.817101002 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.817183018 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.818356037 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.818422079 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.820317984 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.820384979 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.822578907 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.822642088 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.823805094 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.823870897 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.825810909 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.825864077 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.828032017 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.828075886 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.829221010 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.829286098 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.831322908 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.831371069 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.833581924 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.833648920 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.834768057 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.834817886 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.837012053 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.837064028 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.839145899 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.839207888 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.840251923 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.840305090 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.842449903 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.842494011 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.844136000 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.844182014 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.846290112 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.846339941 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.848392010 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.848452091 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.849678993 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.849754095 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.851766109 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.851809978 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.854060888 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.854108095 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.855175972 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.855218887 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.944154978 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.944221973 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.945564985 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.945627928 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.995045900 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.995137930 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.995568991 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.995620966 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.998111010 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.998182058 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:28.999382973 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:28.999453068 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.001472950 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.001534939 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.003592968 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.003655910 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.004718065 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.004765987 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.007004976 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.007081032 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.009094954 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.009150982 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.010340929 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.010396957 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.012501955 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.012561083 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.014616013 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.014671087 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.016803026 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.016875029 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.018007994 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.018063068 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.020119905 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.020198107 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.022301912 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.022377014 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.023482084 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.023535013 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.025644064 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.025712967 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.027810097 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.027869940 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.029051065 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.029102087 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.031106949 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.031168938 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.033360004 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.033427954 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.034570932 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.034635067 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.037240028 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.037333965 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.038404942 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.038461924 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.040523052 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.040585041 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.042675018 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.042737007 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.043894053 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.043961048 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.046056032 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.046109915 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.048583984 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.048650980 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.136818886 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.136950970 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.138371944 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.138447046 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.187542915 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.187618017 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.188982964 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.189048052 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.190263033 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.190332890 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.192517996 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.192598104 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.193733931 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.193816900 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.195947886 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.196007967 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.198160887 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.198235989 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.199398041 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.199464083 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.201370001 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.201421976 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.203564882 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.203624010 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.204735994 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.204802036 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.206971884 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.207046032 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.209095955 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.209161043 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.211337090 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.211390972 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.212580919 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.212639093 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.214545012 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.214610100 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.216758013 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.216814995 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.217962027 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.218029976 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.220035076 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.220099926 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.222300053 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.222354889 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.224980116 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.225071907 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.225606918 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.225658894 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.227766991 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.227818012 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.229398966 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.229455948 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.231831074 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.231898069 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.232934952 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.233000040 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.235200882 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.235253096 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.237166882 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.237232924 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.238353968 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.238437891 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.240458012 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.240510941 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.329345942 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.329473019 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.330848932 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.330921888 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.382584095 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.382683039 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.384090900 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.384155035 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.386207104 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.386271954 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.387411118 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.387485027 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.389514923 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.389578104 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.391680002 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.391755104 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.392893076 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.392954111 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.395029068 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.395096064 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.397181988 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.397241116 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.398468971 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.398525953 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.400635958 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.400710106 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.402766943 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.402828932 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.404042959 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.404097080 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.406136036 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.406193972 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.408191919 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.408247948 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.410403013 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.410459995 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.411650896 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.411704063 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.413743019 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.413796902 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.415904999 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.415961981 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.417140961 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.417193890 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.419253111 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.419317007 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.421024084 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.421081066 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.423074961 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.423130035 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.424283981 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.424341917 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.426418066 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.426477909 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.428580999 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.428641081 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.430793047 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.430855989 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.432040930 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.432097912 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.434075117 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.434135914 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.436275959 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.436331987 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.521437883 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.521522999 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.523652077 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.523715973 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.575148106 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.575280905 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.576626062 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.576689959 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.578927994 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.578994036 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.580125093 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.580183029 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.582144976 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.582206011 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.584340096 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.584403038 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.585779905 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.585840940 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.587651968 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.587711096 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.589848042 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.590070963 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.591078043 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.591135025 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.593130112 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.593189955 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.595387936 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.595443010 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.596599102 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.596654892 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.598722935 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.598787069 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.601012945 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.601082087 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.602327108 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.602390051 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.604310036 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.604378939 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.606353045 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.606414080 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.607593060 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.607656002 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.610272884 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.610340118 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.611438990 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.611510038 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.613533974 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.613598108 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.615708113 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.615781069 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.617031097 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.617094040 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.619153023 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.619220972 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.621187925 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.621249914 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.621263981 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.621315956 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.621325016 CET4434970791.134.10.168192.168.2.10
                                      Dec 13, 2024 13:40:29.621364117 CET49707443192.168.2.1091.134.10.168
                                      Dec 13, 2024 13:40:29.628293991 CET49707443192.168.2.1091.134.10.168

                                      UDP Packets

                                      TimestampSource PortDest PortSource IPDest IP
                                      Dec 13, 2024 13:40:20.316390038 CET5506553192.168.2.101.1.1.1
                                      Dec 13, 2024 13:40:20.453573942 CET53550651.1.1.1192.168.2.10
                                      Dec 13, 2024 13:41:06.155288935 CET5165453192.168.2.101.1.1.1
                                      Dec 13, 2024 13:41:18.644422054 CET6405053192.168.2.101.1.1.1
                                      Dec 13, 2024 13:41:41.902834892 CET5060353192.168.2.101.1.1.1
                                      Dec 13, 2024 13:42:05.973151922 CET6222053192.168.2.101.1.1.1

                                      DNS Queries

                                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                      Dec 13, 2024 13:40:20.316390038 CET192.168.2.101.1.1.10x8200Standard query (0)i.ibb.coA (IP address)IN (0x0001)false
                                      Dec 13, 2024 13:41:06.155288935 CET192.168.2.101.1.1.10xb2bdStandard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)false
                                      Dec 13, 2024 13:41:18.644422054 CET192.168.2.101.1.1.10x8204Standard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)false
                                      Dec 13, 2024 13:41:41.902834892 CET192.168.2.101.1.1.10x24c3Standard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)false
                                      Dec 13, 2024 13:42:05.973151922 CET192.168.2.101.1.1.10x21a7Standard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)false

                                      DNS Answers

                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                      Dec 13, 2024 13:40:20.453573942 CET1.1.1.1192.168.2.100x8200No error (0)i.ibb.co91.134.10.168A (IP address)IN (0x0001)false
                                      Dec 13, 2024 13:40:20.453573942 CET1.1.1.1192.168.2.100x8200No error (0)i.ibb.co91.134.9.159A (IP address)IN (0x0001)false
                                      Dec 13, 2024 13:40:20.453573942 CET1.1.1.1192.168.2.100x8200No error (0)i.ibb.co91.134.9.160A (IP address)IN (0x0001)false
                                      Dec 13, 2024 13:40:20.453573942 CET1.1.1.1192.168.2.100x8200No error (0)i.ibb.co91.134.10.127A (IP address)IN (0x0001)false
                                      Dec 13, 2024 13:40:20.453573942 CET1.1.1.1192.168.2.100x8200No error (0)i.ibb.co91.134.82.79A (IP address)IN (0x0001)false
                                      Dec 13, 2024 13:40:20.453573942 CET1.1.1.1192.168.2.100x8200No error (0)i.ibb.co91.134.10.182A (IP address)IN (0x0001)false
                                      Dec 13, 2024 13:40:35.854049921 CET1.1.1.1192.168.2.100xd5a9No error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                      Dec 13, 2024 13:40:35.854049921 CET1.1.1.1192.168.2.100xd5a9No error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                      Dec 13, 2024 13:41:06.402127981 CET1.1.1.1192.168.2.100xb2bdNo error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                      Dec 13, 2024 13:41:18.782509089 CET1.1.1.1192.168.2.100x8204No error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                      Dec 13, 2024 13:41:42.137944937 CET1.1.1.1192.168.2.100x24c3No error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                      Dec 13, 2024 13:42:06.186959982 CET1.1.1.1192.168.2.100x21a7No error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false

                                      HTTP Request Dependency Graph

                                      • i.ibb.co

                                      HTTPS Proxied Packets

                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      0192.168.2.104970791.134.10.1684437456C:\Users\user\Desktop\FINAL_PDF.exe
                                      TimestampBytes transferredDirectionData
                                      2024-12-13 12:40:21 UTC90OUTGET /4VpfCKs/pilotxprograms-Final.jpg HTTP/1.1
                                      Host: i.ibb.co
                                      Connection: Keep-Alive
                                      2024-12-13 12:40:22 UTC382INHTTP/1.1 200 OK
                                      Server: nginx
                                      Date: Fri, 13 Dec 2024 12:40:22 GMT
                                      Content-Type: image/jpeg
                                      Content-Length: 4621599
                                      Connection: close
                                      Last-Modified: Sat, 23 Nov 2024 03:39:14 GMT
                                      Expires: Thu, 31 Dec 2037 23:55:55 GMT
                                      Cache-Control: max-age=315360000
                                      Cache-Control: public
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, OPTIONS
                                      Accept-Ranges: bytes
                                      2024-12-13 12:40:22 UTC3714INData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 84 00 07 07 07 07 08 07 08 09 09 08 0c 0c 0b 0c 0c 11 10 0e 0e 10 11 1a 12 14 12 14 12 1a 27 18 1d 18 18 1d 18 27 23 2a 22 20 22 2a 23 3e 31 2b 2b 31 3e 48 3c 39 3c 48 57 4e 4e 57 6d 68 6d 8f 8f c0 01 07 07 07 07 08 07 08 09 09 08 0c 0c 0b 0c 0c 11 10 0e 0e 10 11 1a 12 14 12 14 12 1a 27 18 1d 18 18 1d 18 27 23 2a 22 20 22 2a 23 3e 31 2b 2b 31 3e 48 3c 39 3c 48 57 4e 4e 57 6d 68 6d 8f 8f c0 ff c2 00 11 08 05 00 07 80 03 01 22 00 02 11 01 03 11 01 ff c4 00 1c 00 01 01 00 02 03 01 01 00 00 00 00 00 00 00 00 00 00 01 02 06 03 04 05 07 08 ff da 00 08 01 01 00 00 00 00 fd 10 32 c4 29 10 b1 60 2c b0 00 00 80 02 16 02 90 09 50 08 08 11 8e 19 e4 4a 42 2c 02 2a 20 8a 88 08 81 2c 08 45 41 61 32 91
                                      Data Ascii: JFIF''#*" "*#>1++1>H<9<HWNNWmhm''#*" "*#>1++1>H<9<HWNNWmhm"2)`,PJB,* ,EAa2
                                      2024-12-13 12:40:22 UTC4096INData Raw: 12 92 a0 00 84 2d 10 a2 22 25 84 10 08 11 44 92 54 63 9a 02 04 82 08 b2 90 18 80 11 40 12 c0 81 12 c4 89 04 10 92 31 d9 14 40 14 80 4a 04 b0 01 0a 40 00 00 80 b0 10 0a a8 a9 20 12 08 20 10 25 4a 92 4a 30 cd 2c 20 82 08 08 a4 18 8b 0b 08 a4 29 00 41 02 31 95 21 04 24 92 6c 94 80 05 80 02 16 14 89 48 a2 58 2c 00 08 00 25 44 55 0a 71 f1 63 73 ca d4 12 02 04 02 54 89 28 e3 e4 20 84 08 42 54 2a 02 4c 73 85 84 52 2c b0 04 25 44 b2 41 20 82 24 92 6c 94 80 0a 82 50 11 65 80 40 a1 2c 58 00 10 16 02 04 5a 15 f9 4b 5a fd 59 dc c3 9b b1 cb 9e 60 84 40 8b 08 58 84 94 61 99 04 20 41 12 90 a8 42 2c 02 15 28 80 20 96 11 20 91 16 09 24 c6 6c a0 a8 02 28 04 0b 05 88 0b 00 a8 2c 04 b0 00 10 0a 2d d7 bf 39 ec 3b 8e cf d7 ef 7a 1d be 7e 4c b2 84 42 02 58 08 42 4a 31 a0 41 08
                                      Data Ascii: -"%DTc@1@J@ %JJ0, )A1!$lHX,%DUqcsT( BT*LsR,%DA $lPe@,XZKZY`@Xa AB,( $l(,-9;z~LBXBJ1A
                                      2024-12-13 12:40:22 UTC4096INData Raw: ef f3 76 b2 eb fd 3b df 5e b7 5b a7 e0 e8 9f 0e 6e 7b 36 cf ea 73 e7 c5 96 37 2e 7e c7 36 7c 9d 6c 3c 8d 37 d4 da bd df 47 b5 cb 95 91 08 8c 6a 22 e3 2a 08 02 00 80 00 20 41 20 8a 24 92 4b 11 8c 80 8c 76 72 c0 00 2c 94 94 0c 55 02 c2 90 01 05 4a 82 50 0a be 43 db e3 e3 f3 bc 2f 1f 55 ca 76 32 c3 86 fd 03 70 5e bf 07 4b c4 d4 7f 3f 70 6d 1b 67 a7 df e4 e4 ed 72 f2 5c b9 b9 f9 f9 79 7b 17 af c7 ad eb 7b 2e c9 ec 77 bb 3c b5 09 09 08 44 20 40 10 08 54 01 2a 08 b0 88 82 c2 31 82 43 1c 41 18 ec ea 85 80 58 09 52 a0 40 14 2a 40 b0 20 00 05 8a 3c 7e 6f 5b 8f 8b cc f0 bc 8f 07 c7 f6 78 f3 c7 cc c3 87 e8 7f 45 5e 1e b7 4f c7 d5 7e 15 ae fb db 8e c5 eb f6 1c 8e af 65 7b 39 72 76 fb 7c dc 98 70 75 7e 79 cf b6 fb fe a7 73 b1 c9 61 22 49 64 b0 24 10 04 02 00 02 58 20
                                      Data Ascii: v;^[n{6s7.~6|l<7Gj"* A $Kvr,UJPC/Uv2p^K?pmgr\y{{.w<D @T*1CAXR@*@ <~o[xE^O~e{9rv|pu~ysa"Id$X
                                      2024-12-13 12:40:22 UTC4096INData Raw: 80 00 00 00 00 11 40 00 00 00 25 89 98 dd a0 00 00 00 00 00 00 00 00 11 40 00 00 00 12 92 4c b6 d0 00 4a 00 00 00 00 00 00 94 04 a0 00 00 00 08 a4 92 67 7a a0 00 00 00 00 00 00 00 00 00 00 00 00 04 50 cb 39 e9 bc a8 00 00 00 00 00 00 00 00 00 00 00 00 08 a2 cc b3 9d f4 b9 94 00 00 00 00 00 00 00 00 00 00 00 00 08 a1 70 ce 75 d2 a4 a0 00 00 00 00 00 00 00 00 00 00 00 01 14 17 9d cc 75 a9 64 a0 00 00 00 00 00 00 00 00 00 00 00 08 a0 ac 49 27 65 08 00 00 00 00 00 00 00 00 00 00 00 01 28 2a 5c e5 9c f6 b4 58 cd 00 00 00 00 00 00 00 00 00 00 00 09 41 6c 33 24 cf 4d 28 12 50 00 00 00 00 00 00 00 00 00 00 04 50 b4 4c c9 33 bd d0 b2 11 40 00 00 00 00 12 80 00 00 00 00 12 80 d2 58 99 93 3a d6 85 21 66 74 00 00 00 00 00 00 00 00 00 00 22 81 a2 21 84 c5 dd b4 15 2d
                                      Data Ascii: @%@LJgzP9puudI'e(*\XAl3$M(PPL3@X:!ft"!-
                                      2024-12-13 12:40:22 UTC4096INData Raw: c1 e3 f7 f2 47 b3 3d 98 f5 69 71 49 c5 c9 32 5c 94 5f 4c e3 11 ab 8a 87 4c 7a 6d 09 8c ae 0c 1d 73 fa 79 c8 b9 0c 7c 93 25 cb eb 9c 5c 9a 86 57 3a 63 d1 68 0c 78 98 b8 3d 98 f5 4e 1f 6b 8b 0e 0c 6c 6c 97 2e ae dc 55 15 9c 88 e9 8f 41 a0 31 e2 e0 c1 83 c7 ef e5 8f 23 e5 77 f1 9b f6 69 87 06 1c 93 25 16 d5 c6 b5 0a 04 3a 6b 69 cf 5c c4 53 06 0c 1f 63 eb 67 c1 1f 5c 38 39 4d 92 09 d2 d2 4c 95 11 4e 9e fa 6b d6 30 94 c5 c1 83 d9 c7 bb be 1e 43 27 56 12 ad e8 8e 04 88 50 7d 31 ea 98 4a 62 e0 c1 83 c1 9f 28 3c 31 f0 a3 ec 7c ac 99 b8 c1 93 29 59 05 b8 a5 4e 21 cb 91 d3 6d 2d e9 b4 25 31 70 60 fb 6d df 6f dc 8f 2c 7a a7 d7 24 e6 32 5c 21 d6 74 b5 17 19 47 7c d5 6d 29 e9 34 26 3c 5c 18 3e e7 ee 7b 51 ec 7b f8 01 e5 c8 43 8b 92 63 07 c9 b2 e2 f1 74 5a 8e 40 d4 26
                                      Data Ascii: G=iqI2\_LLzmsy|%\W:chx=Nkll.UA1#wi%:ki\Scg\89MLNk0C'VP}1Jb(<1|)YN!m-%1p`mo,z$2\!tG|m)4&<\>{Q{CctZ@&
                                      2024-12-13 12:40:22 UTC4096INData Raw: dd 7f f9 99 f7 4d f7 a7 71 e6 27 d5 15 f0 af 0f b7 ce d3 c0 26 34 61 fa 88 01 93 0e c5 80 65 b8 6b a8 af cb 61 58 36 fe cf 8b 68 c4 32 12 8b 45 3a 78 30 e3 50 e1 e2 8f 6d ec 3c 53 4f 84 8d d5 9d 24 16 9b 0a dc a4 1c 50 e8 5a 90 48 93 43 fa 99 86 fa 7d 5b ea 9e a3 56 23 3a b8 19 d6 43 d3 3b ff 00 b2 31 6a 86 ce eb b8 0f 7b e5 5b 4f 6f 6d f7 d9 38 6b e1 f6 36 cf 65 b4 f6 ec 92 ca 09 93 3f 3e 57 ad 93 b0 70 63 0d b3 f0 cb 1a fc b7 d5 e4 3c dd ab b6 56 d9 5b 5a f8 14 12 2c 46 d5 03 05 2c ef d5 47 8a 8c 14 3b d6 bf 6e b1 9f 02 e2 8d e1 96 1c 5c 78 cc 5a f6 d4 76 26 c3 a4 7e 63 70 04 d6 18 20 8f 0a cc d8 4c 4c 2d 8b c1 5f 54 b6 52 44 7c 2b 75 ab 31 9d 5c 0a c8 7e e6 ee e3 fb 6d 81 3f a1 d3 d0 d6 2a 0d 81 8a 6c 2c 7b f3 04 66 55 e7 ba 2b 6c e3 a1 f8 29 b2 f0 78
                                      Data Ascii: Mq'&4aekaX6h2E:x0Pm<SO$PZHC}[V#:C;1j{[Oom8k6e?>Wpc<V[Z,F,G;n\xZv&~cp LL-_TRD|+u1\~m?*l,{fU+l)x
                                      2024-12-13 12:40:22 UTC4096INData Raw: 98 6f 0f 6d ab 18 b3 08 20 bb 32 06 2c cc 2f fe 5a da 62 db cf 08 f1 0d 5b 43 5e b2 0f 63 56 d6 8a 48 d1 31 b9 95 2f 93 38 16 d2 b6 f8 d6 68 1f f8 f3 fb ab 6a 13 f1 98 5c 0f 88 2e bf 65 16 de de 0a 08 72 3b 24 91 97 8f 41 e9 16 ae fa 3d 09 22 15 75 04 54 b1 8c af 2a f2 f9 63 f1 a8 67 5b ad 98 69 e1 50 cd f1 91 f6 24 e0 45 63 b6 74 9b b8 95 3b 9c 24 03 ed a4 75 04 3d e8 1b 67 40 f1 a0 7d 1d b4 12 26 0f 07 18 9b 1d 28 ba c7 a2 a0 f9 f2 1e 0b 49 81 eb 67 96 43 3e 32 7c e6 9d b5 6e e1 c9 47 01 5b b9 2e 6c 74 15 bb 72 4d d8 ea 7a 00 e3 d2 4f 1a 38 9c 52 af 01 ff 00 62 80 21 06 8a 2d 59 51 27 75 41 2d c8 66 6b 0f 84 dd 38 cc 54 38 72 da 07 6e d9 f0 51 99 ac 28 1f 9a e0 67 c4 12 40 0f 3d e0 8f 3e ed 6b 68 4e bf 9d 62 b7 53 84 38 7f 89 8f d7 6e d3 7a cd 2a 39 45
                                      Data Ascii: om 2,/Zb[C^cVH1/8hj\.er;$A="uT*cg[iP$Ect;$u=g@}&(IgC>2|nG[.ltrMzO8Rb!-YQ'uA-fk8T8rnQ(g@=>khNbS8nz*9E
                                      2024-12-13 12:40:22 UTC4096INData Raw: fd 00 e2 7f 4f 14 c9 b9 2c 6a eb c9 85 eb 67 e2 02 86 57 55 0c 0e e0 6b ad c7 71 a1 60 00 d0 55 be 89 eb f4 45 71 fb 4b 64 6c a6 f3 24 12 e2 1f c2 1b 05 f7 9b d3 60 54 e1 b1 51 bb e2 00 b4 7b 82 e6 6e 19 77 f3 a9 44 df 96 63 08 6c 43 64 a0 79 b0 af cd 5f bc d0 45 2a 0d 5e e6 f4 4d f3 a5 4f d6 96 04 e8 83 cf 3f 80 ef 35 be b6 70 a1 01 b8 8c 66 a0 f7 df ce 3d e6 86 f1 54 cc fd 9e 26 b1 38 e7 50 83 78 5c 10 e4 65 ea 1c 69 14 ef ca 0b b9 d4 9c e9 23 51 65 a0 2a df b1 e6 3c 8c a8 e6 2f 41 59 1c 0d 6e 09 ac e8 de ac 29 cf 69 aa c7 4a 25 77 77 6d 47 ce 2e 6d cb 4a 50 08 5a eb f0 a8 df 29 7b 2d ea fd 1e 84 8d 34 fa 1f 88 12 62 0c b2 ab a1 7f 8a 01 6c 51 2d a1 e6 6f f4 9f 7f e1 80 3c 61 d9 9f fe c7 ff 00 4a 40 4b 10 3c 69 41 2a 0d 5e f6 34 a1 4b 33 85 5e 24 d3 e4
                                      Data Ascii: O,jgWUkq`UEqKdl$`TQ{nwDclCdy_E*^MO?5pf=T&8Px\ei#Qe*</AYn)iJ%wwmG.mJPZ){-4blQ-o<aJ@K<iA*^4K3^$
                                      2024-12-13 12:40:22 UTC4096INData Raw: 61 6d 63 69 6f 61 74 70 6c 61 6d 63 69 6f 61 74 70 40 61 61 63 69 6f 61 74 70 6c 61 6d 63 69 6f 61 74 70 6c 61 6d 63 69 6f 61 74 70 6c 61 6d 63 69 6f 61 74 70 6c 61 6d 63 69 6f 61 74 70 6c 61 6d 63 69 6f 61 74 70 6c 41 6d 63 61 6f 61 74 70 6c 61 6d 63 69 6f 61 7c 50 6c 61 25 63 69 6f 61 74 70 6c 61 6d 63 69 41 15 11 08 18 61 6d 63 5d d6 4a 74 70 4c 61 6d 63 d3 44 61 74 72 6c 61 6d 63 69 6f 61 74 70 6c 61 6d 63 69 4f 61 74 10 42 13 1e 11 0a 6f 61 74 fc 6f 61 6d 63 89 44 61 74 74 6c 61 6d df 42 6f 61 74 70 6c 61 6d 63 69 6f 61 74 70 2c 61 6d 23 47 1d 04 18 1f 0f 61 6d 6f 69 6f 61 74 70 40 61 6d 61 69 6f 61 b4 5b 6c 61 6d 63 69 6f 61 74 70 6c 61 6d 63 29 6f 61 36 70 6c 61 6d 63 69 6f 61 74 70 6c 61 6d 63 69 6f 71 ad 5b 6c 61 6d 63 69 27 61 74 70 6e 61 68 63
                                      Data Ascii: amcioatplamcioatp@aacioatplamcioatplamcioatplamcioatplamcioatplamcioatplAmcaoatplamcioa|Pla%cioatplamciAamc]JtpLamcDatrlamcioatplamciOatBoatoamcDattlamBoatplamcioatp,am#Gamoioatp@amaioa[lamcioatplamc)oa6plamcioatplamcioq[lamci'atpnahc
                                      2024-12-13 12:40:22 UTC4096INData Raw: 53 3b df 3f 27 50 b5 84 0c 2b d3 1c 0a b7 d2 43 65 59 32 60 18 5f 2d fc 1f db fb da 02 63 dc 07 6c 9f 6c b8 d8 5b c9 e8 f9 9c 84 32 ac e1 7a db 5d 63 07 02 5c b2 f8 d3 76 b0 7a ab 5e 0b 82 dc 2e bc d4 8b 54 86 4a a2 42 b5 fe 01 df 3c eb 0d a3 e5 26 13 e7 ed 42 85 07 c4 bd 64 a0 8a fe aa de f3 b5 5b 29 31 92 f0 f9 ec c6 ef a9 37 38 9a c7 f5 da 25 a9 b5 4e 28 23 0d 80 db e1 92 bd d0 53 ce 43 67 53 8a 6f 39 b7 de 61 1c d1 cd 9b 67 ac d5 fe de 57 a1 2c d9 82 f7 68 e0 99 27 ae de 1c 39 f8 39 e8 a0 be 34 96 b4 67 d2 35 a0 67 89 39 79 41 76 53 b9 eb 57 7a f2 e6 cb e7 2d 43 55 e7 a8 48 01 5b 43 fe ef 87 de 8c d5 72 3b cb 0b ae 9b af 83 46 ad c6 fa f6 ff 06 2e 03 e0 5e b8 52 df de 67 c9 86 f9 8f 1a 5c b0 9c 7e 06 6e e1 89 1b 9a 14 6f 65 ff bd f3 60 c5 78 f8 45 ec
                                      Data Ascii: S;?'P+CeY2`_-cll[2z]c\vz^.TJB<&Bd[)178%N(#SCgSo9agW,h'994g5g9yAvSWz-CUH[Cr;F.^Rg\~noe`xE


                                      Statistics

                                      CPU Usage

                                      Click to jump to process

                                      Memory Usage

                                      Click to jump to process

                                      High Level Behavior Distribution

                                      Click to dive into process behavior distribution

                                      Behavior

                                      Click to jump to process

                                      System Behavior

                                      General

                                      Target ID:0
                                      Start time:07:40:18
                                      Start date:13/12/2024
                                      Path:C:\Users\user\Desktop\FINAL_PDF.exe
                                      Wow64 process (32bit):true
                                      Commandline:"C:\Users\user\Desktop\FINAL_PDF.exe"
                                      Imagebase:0x2e0000
                                      File size:1'671'240 bytes
                                      MD5 hash:290905106503753D8BD791403E04FB04
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:low
                                      Has exited:true

                                      General

                                      Target ID:4
                                      Start time:07:40:50
                                      Start date:13/12/2024
                                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      Wow64 process (32bit):false
                                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Documents\OUCH_SOKHENG.pdf"
                                      Imagebase:0x7ff64eb90000
                                      File size:5'641'176 bytes
                                      MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:high
                                      Has exited:false

                                      General

                                      Target ID:5
                                      Start time:07:40:51
                                      Start date:13/12/2024
                                      Path:C:\Users\user\Desktop\FINAL_PDF.exe
                                      Wow64 process (32bit):false
                                      Commandline:"C:\Users\user\Desktop\FINAL_PDF.exe"
                                      Imagebase:0x2e0000
                                      File size:1'671'240 bytes
                                      MD5 hash:290905106503753D8BD791403E04FB04
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:low
                                      Has exited:true

                                      General

                                      Target ID:6
                                      Start time:07:40:52
                                      Start date:13/12/2024
                                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      Wow64 process (32bit):false
                                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                                      Imagebase:0x7ff63ec50000
                                      File size:3'581'912 bytes
                                      MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:high
                                      Has exited:false

                                      General

                                      Target ID:7
                                      Start time:07:40:54
                                      Start date:13/12/2024
                                      Path:C:\Users\user\Desktop\FINAL_PDF.exe
                                      Wow64 process (32bit):false
                                      Commandline:"C:\Users\user\Desktop\FINAL_PDF.exe"
                                      Imagebase:0x2e0000
                                      File size:1'671'240 bytes
                                      MD5 hash:290905106503753D8BD791403E04FB04
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:low
                                      Has exited:true

                                      General

                                      Target ID:8
                                      Start time:07:40:54
                                      Start date:13/12/2024
                                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      Wow64 process (32bit):false
                                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2256 --field-trial-handle=1532,i,969239553884294020,9147732095431164971,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                                      Imagebase:0x7ff63ec50000
                                      File size:3'581'912 bytes
                                      MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:high
                                      Has exited:false

                                      General

                                      Target ID:11
                                      Start time:07:40:57
                                      Start date:13/12/2024
                                      Path:C:\Users\user\Desktop\FINAL_PDF.exe
                                      Wow64 process (32bit):false
                                      Commandline:"C:\Users\user\Desktop\FINAL_PDF.exe"
                                      Imagebase:0x2e0000
                                      File size:1'671'240 bytes
                                      MD5 hash:290905106503753D8BD791403E04FB04
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:low
                                      Has exited:true

                                      General

                                      Target ID:13
                                      Start time:07:41:00
                                      Start date:13/12/2024
                                      Path:C:\Users\user\Desktop\FINAL_PDF.exe
                                      Wow64 process (32bit):false
                                      Commandline:"C:\Users\user\Desktop\FINAL_PDF.exe"
                                      Imagebase:0x2e0000
                                      File size:1'671'240 bytes
                                      MD5 hash:290905106503753D8BD791403E04FB04
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:low
                                      Has exited:true

                                      General

                                      Target ID:15
                                      Start time:07:41:04
                                      Start date:13/12/2024
                                      Path:C:\Users\user\Desktop\FINAL_PDF.exe
                                      Wow64 process (32bit):false
                                      Commandline:"C:\Users\user\Desktop\FINAL_PDF.exe"
                                      Imagebase:0x2e0000
                                      File size:1'671'240 bytes
                                      MD5 hash:290905106503753D8BD791403E04FB04
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:low
                                      Has exited:true

                                      Disassembly

                                      Reset < >

                                        Execution Graph

                                        Execution Coverage:12.4%
                                        Dynamic/Decrypted Code Coverage:100%
                                        Signature Coverage:10.6%
                                        Total number of Nodes:398
                                        Total number of Limit Nodes:32
                                        execution_graph 71783 471c570 71784 471c574 CreateWindowExW 71783->71784 71786 471c694 71784->71786 71786->71786 71827 4718550 71828 4718554 DuplicateHandle 71827->71828 71829 47185e6 71828->71829 72042 4715b90 72043 4715b9f 72042->72043 72046 4715c7a 72042->72046 72051 4715c88 72042->72051 72047 4715c25 72046->72047 72049 4715c82 72046->72049 72047->72043 72048 4715ec0 GetModuleHandleW 72050 4715cbc 72048->72050 72049->72048 72049->72050 72050->72043 72053 4715c99 72051->72053 72054 4715cbc 72051->72054 72052 4715ec0 GetModuleHandleW 72052->72054 72053->72052 72053->72054 72054->72043 72055 471ec93 72056 471ecac 72055->72056 72057 471ed02 72056->72057 72058 471edac 72056->72058 72060 471ed5a CallWindowProcW 72057->72060 72061 471ed09 72057->72061 72059 471a29c CallWindowProcW 72058->72059 72059->72061 72060->72061 71969 a6e292a 71970 a6e2936 71969->71970 71975 a6e50ef 71969->71975 71979 a6e522b 71969->71979 71983 a6e4e8c 71969->71983 71987 a6e4ebb 71969->71987 71976 a6e5107 71975->71976 71977 a6e520a 71976->71977 71991 ac7bc72 71976->71991 71980 a6e523b 71979->71980 72009 a6e6d70 71980->72009 71984 a6e4f02 71983->71984 71985 a6e50de 71984->71985 72012 ac70d43 71984->72012 71988 a6e4ecf 71987->71988 71989 ac70d43 GetCurrentThreadId 71988->71989 71990 a6e50de 71988->71990 71989->71990 71992 ac7bc7d 71991->71992 71995 a6e82e0 71992->71995 71993 ac7bc8b 71997 a6e82f5 71995->71997 71996 a6e837b 71998 a6e8385 71996->71998 72004 a6e82e0 GetCurrentThreadId 71996->72004 71997->71996 71999 a6e83b0 71997->71999 71998->71993 72003 a6e84b4 71999->72003 72005 a6e7ef4 71999->72005 72002 a6e7ef4 GetCurrentThreadId 72002->72003 72003->71993 72004->71998 72006 a6e7eff 72005->72006 72007 a6e87ff GetCurrentThreadId 72006->72007 72008 a6e84d8 72006->72008 72007->72008 72008->72002 72011 a6e82e0 GetCurrentThreadId 72009->72011 72010 a6e6d9f 72011->72010 72013 ac70d50 72012->72013 72015 a6e82e0 GetCurrentThreadId 72013->72015 72014 ac70d6a 72015->72014 71787 5fe99f8 71788 5fe9a1e 71787->71788 71789 5fe9b83 71787->71789 71788->71789 71791 5fe7988 71788->71791 71792 5fe9c78 PostMessageW 71791->71792 71793 5fe9ce4 71792->71793 71793->71788 72062 ac7c9a0 72063 ac7ca13 72062->72063 72067 a6ee688 72063->72067 72071 a6ee698 72063->72071 72064 ac7d043 72069 a6ee6bf 72067->72069 72068 a6ee721 72068->72064 72069->72068 72075 a6e7458 GetSystemMetrics GetSystemMetrics 72069->72075 72072 a6ee6bf 72071->72072 72074 a6ee721 72072->72074 72076 a6e7458 GetSystemMetrics GetSystemMetrics 72072->72076 72074->72064 72075->72068 72076->72074 71794 5fe7170 71795 5fe71b8 WriteProcessMemory 71794->71795 71797 5fe720f 71795->71797 72077 5f64318 72078 5f64360 VirtualProtect 72077->72078 72079 5f6439a 72078->72079 72080 5fe6e10 72081 5fe6e50 VirtualAllocEx 72080->72081 72083 5fe6e8d 72081->72083 72084 477af18 72085 477af4e 72084->72085 72086 477b00e 72085->72086 72090 a6e3c9f 72085->72090 72094 a6e3ca0 72085->72094 72098 a6e3c91 72085->72098 72091 a6e3ce3 72090->72091 72092 a6e3d32 72091->72092 72093 a6e3d01 MonitorFromPoint 72091->72093 72092->72086 72093->72092 72095 a6e3ce3 72094->72095 72096 a6e3d32 72095->72096 72097 a6e3d01 MonitorFromPoint 72095->72097 72096->72086 72097->72096 72099 a6e3d18 MonitorFromPoint 72098->72099 72100 a6e3d32 72099->72100 72100->72086 71830 4710040 71831 4710061 71830->71831 71835 4710147 71831->71835 71840 4710148 71831->71840 71832 47100c5 71836 4710169 71835->71836 71845 47101fe 71836->71845 71850 4710200 71836->71850 71837 47101a2 71837->71832 71841 4710169 71840->71841 71843 4710200 GetSystemMetrics 71841->71843 71844 47101fe GetSystemMetrics 71841->71844 71842 47101a2 71842->71832 71843->71842 71844->71842 71846 4710233 71845->71846 71855 4713260 71846->71855 71859 4713270 71846->71859 71847 47102b4 71847->71837 71851 4710233 71850->71851 71853 4713270 GetSystemMetrics 71851->71853 71854 4713260 GetSystemMetrics 71851->71854 71852 47102b4 71852->71837 71853->71852 71854->71852 71856 471329b 71855->71856 71857 4713523 71856->71857 71863 a6e7739 71856->71863 71857->71847 71860 471329b 71859->71860 71861 4713523 71860->71861 71862 a6e7739 GetSystemMetrics 71860->71862 71861->71847 71862->71861 71864 a6e76e1 GetSystemMetrics 71863->71864 71866 a6e7742 71863->71866 71865 a6e770b 71864->71865 71865->71857 71866->71857 72101 4717f00 72102 4717f04 GetCurrentProcess 72101->72102 72104 4717f91 72102->72104 72105 4717f98 GetCurrentThread 72102->72105 72104->72105 72106 4717fd5 GetCurrentProcess 72105->72106 72107 4717fce 72105->72107 72110 471800b 72106->72110 72107->72106 72108 4718033 GetCurrentThreadId 72109 4718064 72108->72109 72110->72108 71798 a6d030 71799 a6d048 71798->71799 71800 a6d0a2 71799->71800 71805 471c717 71799->71805 71809 471a29c 71799->71809 71813 471d478 71799->71813 71817 471c728 71799->71817 71806 471c728 71805->71806 71807 471a29c CallWindowProcW 71806->71807 71808 471c76f 71807->71808 71808->71800 71810 471a2a7 71809->71810 71812 471d4d9 71810->71812 71821 471a3c4 CallWindowProcW 71810->71821 71815 471d4b5 71813->71815 71816 471d4d9 71815->71816 71822 471a3c4 CallWindowProcW 71815->71822 71818 471c72c 71817->71818 71819 471a29c CallWindowProcW 71818->71819 71820 471c76f 71819->71820 71820->71800 71821->71812 71822->71816 71823 5fe7668 71824 5fe76b0 VirtualProtectEx 71823->71824 71826 5fe76ee 71824->71826 71870 5f6eac0 71872 5f6eae7 71870->71872 71871 5f6eb2f 71872->71871 71874 5fe0ad4 71872->71874 71876 5fe0af0 71874->71876 71875 5fe0b0e 71875->71872 71888 5fe230f 71876->71888 71894 5fe23a1 71876->71894 71900 5fe22c1 71876->71900 71906 5fe2433 71876->71906 71912 5fe2780 71876->71912 71917 5fe2512 71876->71917 71923 5fe24c3 71876->71923 71929 5fe2549 71876->71929 71935 5fe2365 71876->71935 71941 5fe2348 71876->71941 71947 5fe2278 71876->71947 71893 5fe2334 71888->71893 71889 5fe2343 71889->71875 71893->71889 71953 5fe4c7f 71893->71953 71957 5fe4c88 71893->71957 71896 5fe23b2 71894->71896 71895 5fe23d5 71895->71875 71896->71895 71898 5fe4c7f CreateProcessAsUserW 71896->71898 71899 5fe4c88 CreateProcessAsUserW 71896->71899 71897 5fe2881 71897->71875 71898->71897 71899->71897 71901 5fe2286 71900->71901 71902 5fe227d 71900->71902 71901->71875 71902->71901 71904 5fe4c7f CreateProcessAsUserW 71902->71904 71905 5fe4c88 CreateProcessAsUserW 71902->71905 71903 5fe2881 71903->71875 71904->71903 71905->71903 71908 5fe2444 71906->71908 71907 5fe2466 71907->71875 71908->71907 71910 5fe4c7f CreateProcessAsUserW 71908->71910 71911 5fe4c88 CreateProcessAsUserW 71908->71911 71909 5fe2881 71909->71875 71910->71909 71911->71909 71913 5fe2794 71912->71913 71915 5fe4c7f CreateProcessAsUserW 71913->71915 71916 5fe4c88 CreateProcessAsUserW 71913->71916 71914 5fe2881 71914->71875 71915->71914 71916->71914 71920 5fe2537 71917->71920 71918 5fe2544 71918->71875 71919 5fe2881 71919->71875 71920->71918 71921 5fe4c7f CreateProcessAsUserW 71920->71921 71922 5fe4c88 CreateProcessAsUserW 71920->71922 71921->71919 71922->71919 71925 5fe24d4 71923->71925 71924 5fe24f5 71924->71875 71925->71924 71927 5fe4c7f CreateProcessAsUserW 71925->71927 71928 5fe4c88 CreateProcessAsUserW 71925->71928 71926 5fe2881 71926->71875 71927->71926 71928->71926 71932 5fe2553 71929->71932 71930 5fe255b 71930->71875 71931 5fe2881 71931->71875 71932->71930 71933 5fe4c7f CreateProcessAsUserW 71932->71933 71934 5fe4c88 CreateProcessAsUserW 71932->71934 71933->71931 71934->71931 71936 5fe2343 71935->71936 71937 5fe2321 71935->71937 71936->71875 71937->71936 71939 5fe4c7f CreateProcessAsUserW 71937->71939 71940 5fe4c88 CreateProcessAsUserW 71937->71940 71938 5fe2881 71938->71875 71939->71938 71940->71938 71943 5fe2352 71941->71943 71942 5fe235d 71942->71875 71943->71942 71945 5fe4c7f CreateProcessAsUserW 71943->71945 71946 5fe4c88 CreateProcessAsUserW 71943->71946 71944 5fe2881 71944->71875 71945->71944 71946->71944 71950 5fe227d 71947->71950 71948 5fe2286 71948->71875 71949 5fe2881 71949->71875 71950->71948 71951 5fe4c7f CreateProcessAsUserW 71950->71951 71952 5fe4c88 CreateProcessAsUserW 71950->71952 71951->71949 71952->71949 71954 5fe4d07 CreateProcessAsUserW 71953->71954 71956 5fe4e08 71954->71956 71958 5fe4d07 CreateProcessAsUserW 71957->71958 71960 5fe4e08 71958->71960 72016 a6e2e39 72017 a6e2e3f 72016->72017 72019 acd1784 72016->72019 72022 acd3018 72019->72022 72024 acd302e 72022->72024 72023 acd178a 72024->72023 72026 acd401b 72024->72026 72027 acd4021 72026->72027 72030 acd4148 72027->72030 72031 acd418e DeleteFileW 72030->72031 72033 acd403c 72031->72033 72111 477ea80 72113 477eab0 72111->72113 72112 477f1d2 72113->72112 72117 7b72178 72113->72117 72121 7b72148 72113->72121 72125 7b720d0 72113->72125 72118 7b72188 72117->72118 72119 7b721f9 72118->72119 72129 7b72271 72118->72129 72119->72113 72122 7b7214d 72121->72122 72123 7b721f9 72122->72123 72124 7b72271 VirtualProtect 72122->72124 72123->72113 72124->72123 72126 7b720d5 72125->72126 72127 7b721f9 72126->72127 72128 7b72271 VirtualProtect 72126->72128 72127->72113 72128->72127 72130 7b72293 72129->72130 72134 7b72310 72130->72134 72142 7b72301 72130->72142 72131 7b722f2 72131->72119 72136 7b72334 72134->72136 72135 7b72359 72135->72131 72136->72135 72150 7b76962 72136->72150 72176 7b76a31 72136->72176 72201 7b76891 72136->72201 72227 7b768e5 72136->72227 72137 7b72491 72137->72131 72144 7b72310 72142->72144 72143 7b72359 72143->72131 72144->72143 72146 7b768e5 VirtualProtect 72144->72146 72147 7b76962 VirtualProtect 72144->72147 72148 7b76a31 VirtualProtect 72144->72148 72149 7b76891 VirtualProtect 72144->72149 72145 7b72491 72145->72131 72146->72145 72147->72145 72148->72145 72149->72145 72154 7b76989 72150->72154 72151 7b7699a 72152 7b76cf8 72153 7b76d2f 72152->72153 72161 7b768e5 VirtualProtect 72152->72161 72162 7b76962 VirtualProtect 72152->72162 72163 7b76a31 VirtualProtect 72152->72163 72164 7b76891 VirtualProtect 72152->72164 72165 7b76d50 VirtualProtect 72152->72165 72153->72137 72154->72151 72155 7b76d37 72154->72155 72156 7b76cb5 72154->72156 72171 7b768e5 VirtualProtect 72154->72171 72172 7b76962 VirtualProtect 72154->72172 72173 7b76a31 VirtualProtect 72154->72173 72174 7b76891 VirtualProtect 72154->72174 72253 7b76d50 72154->72253 72258 7b71f4c 72155->72258 72156->72152 72156->72155 72166 7b768e5 VirtualProtect 72156->72166 72167 7b76962 VirtualProtect 72156->72167 72168 7b76a31 VirtualProtect 72156->72168 72169 7b76891 VirtualProtect 72156->72169 72170 7b76d50 VirtualProtect 72156->72170 72158 7b76d78 72159 7b71f4c VirtualProtect 72158->72159 72160 7b76d96 72159->72160 72160->72137 72161->72152 72162->72152 72163->72152 72164->72152 72165->72152 72166->72156 72167->72156 72168->72156 72169->72156 72170->72156 72171->72154 72172->72154 72173->72154 72174->72154 72179 7b76a3e 72176->72179 72177 7b76d2f 72177->72137 72178 7b76d37 72182 7b71f4c VirtualProtect 72178->72182 72179->72178 72180 7b76cb5 72179->72180 72186 7b768e5 VirtualProtect 72179->72186 72187 7b76962 VirtualProtect 72179->72187 72188 7b76a31 VirtualProtect 72179->72188 72189 7b76891 VirtualProtect 72179->72189 72190 7b76d50 VirtualProtect 72179->72190 72180->72178 72181 7b76cf8 72180->72181 72196 7b768e5 VirtualProtect 72180->72196 72197 7b76962 VirtualProtect 72180->72197 72198 7b76a31 VirtualProtect 72180->72198 72199 7b76891 VirtualProtect 72180->72199 72200 7b76d50 VirtualProtect 72180->72200 72181->72177 72191 7b768e5 VirtualProtect 72181->72191 72192 7b76962 VirtualProtect 72181->72192 72193 7b76a31 VirtualProtect 72181->72193 72194 7b76891 VirtualProtect 72181->72194 72195 7b76d50 VirtualProtect 72181->72195 72183 7b76d78 72182->72183 72184 7b71f4c VirtualProtect 72183->72184 72185 7b76d96 72184->72185 72185->72137 72186->72179 72187->72179 72188->72179 72189->72179 72190->72179 72191->72181 72192->72181 72193->72181 72194->72181 72195->72181 72196->72180 72197->72180 72198->72180 72199->72180 72200->72180 72203 7b7689e 72201->72203 72202 7b7699a 72203->72202 72206 7b76d37 72203->72206 72207 7b76cb5 72203->72207 72212 7b768e5 VirtualProtect 72203->72212 72213 7b76962 VirtualProtect 72203->72213 72214 7b76a31 VirtualProtect 72203->72214 72215 7b76891 VirtualProtect 72203->72215 72216 7b76d50 VirtualProtect 72203->72216 72204 7b76cf8 72205 7b76d2f 72204->72205 72222 7b768e5 VirtualProtect 72204->72222 72223 7b76962 VirtualProtect 72204->72223 72224 7b76a31 VirtualProtect 72204->72224 72225 7b76891 VirtualProtect 72204->72225 72226 7b76d50 VirtualProtect 72204->72226 72205->72137 72208 7b71f4c VirtualProtect 72206->72208 72207->72204 72207->72206 72217 7b768e5 VirtualProtect 72207->72217 72218 7b76962 VirtualProtect 72207->72218 72219 7b76a31 VirtualProtect 72207->72219 72220 7b76891 VirtualProtect 72207->72220 72221 7b76d50 VirtualProtect 72207->72221 72209 7b76d78 72208->72209 72210 7b71f4c VirtualProtect 72209->72210 72211 7b76d96 72210->72211 72211->72137 72212->72203 72213->72203 72214->72203 72215->72203 72216->72203 72217->72207 72218->72207 72219->72207 72220->72207 72221->72207 72222->72204 72223->72204 72224->72204 72225->72204 72226->72204 72229 7b768f9 72227->72229 72228 7b7699a 72229->72228 72231 7b76d37 72229->72231 72232 7b76cb5 72229->72232 72238 7b768e5 VirtualProtect 72229->72238 72239 7b76962 VirtualProtect 72229->72239 72240 7b76a31 VirtualProtect 72229->72240 72241 7b76891 VirtualProtect 72229->72241 72242 7b76d50 VirtualProtect 72229->72242 72230 7b76d2f 72230->72137 72234 7b71f4c VirtualProtect 72231->72234 72232->72231 72233 7b76cf8 72232->72233 72243 7b768e5 VirtualProtect 72232->72243 72244 7b76962 VirtualProtect 72232->72244 72245 7b76a31 VirtualProtect 72232->72245 72246 7b76891 VirtualProtect 72232->72246 72247 7b76d50 VirtualProtect 72232->72247 72233->72230 72248 7b768e5 VirtualProtect 72233->72248 72249 7b76962 VirtualProtect 72233->72249 72250 7b76a31 VirtualProtect 72233->72250 72251 7b76891 VirtualProtect 72233->72251 72252 7b76d50 VirtualProtect 72233->72252 72235 7b76d78 72234->72235 72236 7b71f4c VirtualProtect 72235->72236 72237 7b76d96 72236->72237 72237->72137 72238->72229 72239->72229 72240->72229 72241->72229 72242->72229 72243->72232 72244->72232 72245->72232 72246->72232 72247->72232 72248->72233 72249->72233 72250->72233 72251->72233 72252->72233 72254 7b71f4c VirtualProtect 72253->72254 72255 7b76d78 72254->72255 72256 7b71f4c VirtualProtect 72255->72256 72257 7b76d96 72256->72257 72257->72154 72259 7b76db0 VirtualProtect 72258->72259 72261 7b76e32 72259->72261 72261->72158 71961 a6e6fd0 71963 4713270 GetSystemMetrics 71961->71963 71964 4713260 GetSystemMetrics 71961->71964 71962 a6e6ff2 71963->71962 71964->71962 71965 5fe6740 71966 5fe6785 Wow64GetThreadContext 71965->71966 71968 5fe67cd 71966->71968 72034 a6ea6b0 72037 a6e82b4 72034->72037 72036 a6ea6cf 72038 a6e82bf 72037->72038 72040 4713270 GetSystemMetrics 72038->72040 72041 4713260 GetSystemMetrics 72038->72041 72039 a6eab5c 72039->72036 72040->72039 72041->72039

                                        Executed Functions

                                        Function 06337F11 Relevance: 115.7, Strings: 86, Instructions: 8225COMMON
                                        Download Yara Rule

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        control_flow_graph 0 6337f11-6337f24 2 6337f2c-6338044 0->2 15 6340284-634029b 2->15 16 633804a-633807d 2->16 20 63402a5-6344140 15->20 16->15 22 6344142 20->22 23 6344149 20->23 24 6344167-6344181 22->24 25 63443bc-6348268 22->25 23->24 23->25 24->20 30 6348271-63482b8 25->30 31 634826a 25->31 31->31
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1892857318.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_6330000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: +^]$+^]$5lz$5lz$ z$ z$&5t$&5t$&U$?$&U$?$&|n+$&|n+$'Ob$'Ob$)N$F$)N$F$)O$)O$*,7$*,7$/lEC$/lEC$1%d$1%d$1:5A$1:5A$2p!$2p!$9jXF$9jXF$<i$$<i$$=9y2$=9y2$=Gtg$=Gtg$A=P3$A=P3$J,QT$J,QT$KnV+$KnV+$Ohy{$Ohy{$O:$O:$TInC$TInC$T`2W$T`2W$T{0x$T{0x$TTC$TTC$XkC`$XkC`$Yt_$Yt_$^"v|$^"v|$_%]&$_%]&$c_z$c_z$ioJl$ioJl$pP{$$pP{$$p$p$sR=$sR=$s_G$s_G$tY%\$tY%\$wsC=$wsC=${$]M${$]M${F${F$~f$~f$G1$G1
                                        • API String ID: 0-1331655061
                                        • Opcode ID: 26429c08bc8f7f148002bf520cc47bfc320d1ef0b95025b763d055adf650c14b
                                        • Instruction ID: 29a96d4f2c71566558100961093edc63535a483b831b1a76ed41a40470fd2ffe
                                        • Opcode Fuzzy Hash: 26429c08bc8f7f148002bf520cc47bfc320d1ef0b95025b763d055adf650c14b
                                        • Instruction Fuzzy Hash: C9E31779B4011A4FDB5CCE2ECD916A5A6E76BCC300B54E2BE440ADF798DE34DE468B40
                                        Function 07B72310 Relevance: 48.5, Strings: 36, Instructions: 3533COMMON
                                        Download Yara Rule

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        control_flow_graph 33 7b72310-7b72332 34 7b72334-7b72338 33->34 35 7b72348-7b72353 33->35 36 7b72360-7b72367 34->36 37 7b7233a-7b72346 34->37 38 7b723f7-7b72423 35->38 39 7b72359-7b7235b 35->39 41 7b72387-7b72399 36->41 42 7b72369-7b72370 36->42 37->35 37->36 46 7b7242a-7b72489 38->46 40 7b723ef-7b723f4 39->40 48 7b723a1-7b723a9 41->48 49 7b7239b-7b7239f 41->49 42->41 44 7b72372-7b7237d 42->44 45 7b72383-7b72385 44->45 44->46 45->40 70 7b7248b call 7b768e5 46->70 71 7b7248b call 7b76962 46->71 72 7b7248b call 7b76a31 46->72 73 7b7248b call 7b76891 46->73 52 7b723b7-7b723b9 48->52 53 7b723ab-7b723b0 48->53 49->48 51 7b723bb-7b723d9 49->51 59 7b723ed 51->59 60 7b723db-7b723e4 51->60 52->40 53->52 59->40 74 7b723e6 call 256a3c8 60->74 75 7b723e6 call 256a3b8 60->75 62 7b723eb 62->40 65 7b72491 66 7b72497-7b75829 65->66 67 7b75832-7b76874 66->67 68 7b7582b 66->68 68->67 70->65 71->65 72->65 73->65 74->62 75->62
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1901442329.0000000007B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7b70000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: ^1$f)$#Ik3$#]/$#`$S$#d8$%#w$%.I9$(-n$(d$1?E$3="3$=85I$>1I+$FXw$G^Ev$G3Y$K$Dg$KL$UtC$ZS*$[1Iq$_W;f$a^S,$b@($ckL$dIa$d_lc$f<$r`$$t=_$y4@$z>S!${Q9$#$yV
                                        • API String ID: 0-2677317703
                                        • Opcode ID: 4ac9ee4702eabdbbf6573c0b3da6ec78b691cd8c9339b8baef9cc2c53fa087ae
                                        • Instruction ID: de35c46230c6aebd8c2d4b93ba91292a135e6cbed53a2b11f518ee21e655bd86
                                        • Opcode Fuzzy Hash: 4ac9ee4702eabdbbf6573c0b3da6ec78b691cd8c9339b8baef9cc2c53fa087ae
                                        • Instruction Fuzzy Hash: 14532879B4121A4FDB5CCE2ECD912A9B6E76BCD300B54E27A840ADF398DE34DD464B40
                                        Function 08F52BB0 Relevance: 15.8, Strings: 12, Instructions: 850COMMON
                                        Download Yara Rule

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        control_flow_graph 76 8f52bb0-8f52bf1 80 8f52bf4 call 8f54074 76->80 81 8f52bf4 call 8f54d31 76->81 82 8f52bf4 call 8f54b52 76->82 83 8f52bf4 call 8f5567d 76->83 84 8f52bf4 call 8f555fc 76->84 85 8f52bf4 call 8f53e79 76->85 86 8f52bf4 call 8f54f58 76->86 87 8f52bf4 call 8f54200 76->87 88 8f52bf4 call 8f546c0 76->88 89 8f52bf4 call 8f55ae3 76->89 90 8f52bf4 call 8f55b22 76->90 91 8f52bf4 call 8f547ac 76->91 92 8f52bf4 call 8f54bc8 76->92 77 8f52bfa-8f53e1f 78 8f53e25 77->78 79 8f54df0-8f54df7 77->79 78->79 80->77 81->77 82->77 83->77 84->77 85->77 86->77 87->77 88->77 89->77 90->77 91->77 92->77
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1906554337.0000000008F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_8f50000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: > $/AXn$0Pca$6=(9$F3wm$No+V$V$;v$gF!$oEb?$|5x=$4Al$(
                                        • API String ID: 0-3723062069
                                        • Opcode ID: 5e12525ef4a501dbae23a10b0e1a88001893361c4b6c14b36c469d8911920ee6
                                        • Instruction ID: ab4d18019d6573e33f7be1792d7d93b8602fee0b9057ac61217926df3535973c
                                        • Opcode Fuzzy Hash: 5e12525ef4a501dbae23a10b0e1a88001893361c4b6c14b36c469d8911920ee6
                                        • Instruction Fuzzy Hash: AA925BB5E412298FDB64CF29CD857DDBBB6BB89300F1492D9840DAB358DB349B818F40
                                        Function 05F60017 Relevance: 15.7, Strings: 12, Instructions: 708COMMON
                                        Download Yara Rule

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        control_flow_graph 93 5f60017-5f60060 95 5f60065-5f60ad5 93->95 96 5f60e6e-5f60e78 95->96 97 5f60adb 95->97 98 5f60ae2-5f60c9a 97->98 99 5f60e20-5f60e25 97->99 100 5f60d1e-5f60e0a 97->100 101 5f60e0f-5f60e1b 97->101 102 5f60e4c-5f60e58 97->102 103 5f60e2a-5f60e36 97->103 104 5f60e3b-5f60e47 97->104 137 5f60ca1-5f60cd1 98->137 99->95 100->95 101->95 102->95 103->95 104->95 138 5f60cdb-5f60d19 137->138 138->95
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1891824639.0000000005F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F60000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_5f60000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: .,p$:/!{$=w\$IMe#$SS8$W$Ze`v$\nre$f6`$w3f$%JR$1&
                                        • API String ID: 0-3649798661
                                        • Opcode ID: 8a6b49f83a5391f226cfd206d0a0e94ed9afc050b34c1776327a0b69bef5c452
                                        • Instruction ID: b3fc98cb88c84dbea775a06c9ec679d2e05ded3ea48e5c29b845c32978ffedda
                                        • Opcode Fuzzy Hash: 8a6b49f83a5391f226cfd206d0a0e94ed9afc050b34c1776327a0b69bef5c452
                                        • Instruction Fuzzy Hash: C472BBB5E412298FDB64DF69CD857DEBBB2BB89300F5081E9C409AB354DB349E858F40
                                        Function 05F60040 Relevance: 15.7, Strings: 12, Instructions: 703COMMON
                                        Download Yara Rule

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        control_flow_graph 141 5f60040-5f60060 142 5f60065-5f60ad5 141->142 143 5f60e6e-5f60e78 142->143 144 5f60adb 142->144 145 5f60ae2-5f60cd1 144->145 146 5f60e20-5f60e25 144->146 147 5f60d1e-5f60e0a 144->147 148 5f60e0f-5f60e1b 144->148 149 5f60e4c-5f60e58 144->149 150 5f60e2a-5f60e36 144->150 151 5f60e3b-5f60e47 144->151 185 5f60cdb-5f60d19 145->185 146->142 147->142 148->142 149->142 150->142 151->142 185->142
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1891824639.0000000005F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F60000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_5f60000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: .,p$:/!{$=w\$IMe#$SS8$W$Ze`v$\nre$f6`$w3f$%JR$1&
                                        • API String ID: 0-3649798661
                                        • Opcode ID: b6846fe14cee9d2ba314eea54f6efb8dacff6e2cc995548416c1de4761c1a653
                                        • Instruction ID: abf21a8f7c272ad76d6fd11364fa5afa06c1241db3995dce33cf78bbb53ca52b
                                        • Opcode Fuzzy Hash: b6846fe14cee9d2ba314eea54f6efb8dacff6e2cc995548416c1de4761c1a653
                                        • Instruction Fuzzy Hash: 1162BCB5E412298FDB64DF69CD857DEBBB2BB89300F5081E9C409AB354DB349E858F40
                                        Function 0639A125 Relevance: 14.8, Strings: 11, Instructions: 1069COMMON
                                        Download Yara Rule

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        control_flow_graph 188 639a125-639a12c 189 639a12e-639a13a 188->189 190 639a153-639a155 188->190 189->190 191 639a190-639a19a 190->191 192 639a157-639a169 190->192 193 639a19f-639b709 191->193 194 639b86a-639b874 193->194 195 639b70f 193->195 196 639b859-639b865 195->196 197 639b848-639b854 195->197 198 639b7ed-639b825 195->198 199 639b7bd-639b7d6 call 639c75c 195->199 200 639b742-639b79c 195->200 201 639b727-639b72c 195->201 202 639b716-639b722 195->202 196->193 197->193 198->193 207 639b7dc-639b7e8 199->207 200->193 201->193 202->193 207->193
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1892990682.0000000006380000.00000040.00000800.00020000.00000000.sdmp, Offset: 06380000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_6380000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: 0VD$2S|q$?31\$PTEe$RSR$Y4YY$[wUg$iK@w$jve$qoi$qoi
                                        • API String ID: 0-1758981453
                                        • Opcode ID: d21b2ec42a3a07616847f45b21440d65b6fddfc8444547949648fa6c6c2279a1
                                        • Instruction ID: fa87663846bbd1db04158ec3beb8311599e2cd42c7087e4be6b6e0555666957e
                                        • Opcode Fuzzy Hash: d21b2ec42a3a07616847f45b21440d65b6fddfc8444547949648fa6c6c2279a1
                                        • Instruction Fuzzy Hash: 74C268B5E1122A8FDB65CF29CD857D9BBB6BB89300F1492D9840DAB354DB349F818F40
                                        Function 0639A14B Relevance: 14.8, Strings: 11, Instructions: 1060COMMON
                                        Download Yara Rule

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        control_flow_graph 214 639a14b-639a151 215 639a18c-639a19a 214->215 216 639a153-639a155 214->216 217 639a19f-639b709 215->217 218 639a190-639a19a 216->218 219 639a157-639a169 216->219 220 639b86a-639b874 217->220 221 639b70f 217->221 218->217 222 639b859-639b865 221->222 223 639b848-639b854 221->223 224 639b7ed-639b825 221->224 225 639b7bd-639b7d6 call 639c75c 221->225 226 639b742-639b79c 221->226 227 639b727-639b72c 221->227 228 639b716-639b722 221->228 222->217 223->217 224->217 233 639b7dc-639b7e8 225->233 226->217 227->217 228->217 233->217
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1892990682.0000000006380000.00000040.00000800.00020000.00000000.sdmp, Offset: 06380000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_6380000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: 0VD$2S|q$?31\$PTEe$RSR$Y4YY$[wUg$iK@w$jve$qoi$qoi
                                        • API String ID: 0-1758981453
                                        • Opcode ID: c93c4ad36256c4657e0cf43aa5608c5e7210dece22b0fb096e379361e14d71c0
                                        • Instruction ID: b572bf4f2c72e05cf535d6954578674a7754042a8edac6991ec41aa5ed04f550
                                        • Opcode Fuzzy Hash: c93c4ad36256c4657e0cf43aa5608c5e7210dece22b0fb096e379361e14d71c0
                                        • Instruction Fuzzy Hash: 77C269B5E1122A8FDB64CF29CD857D9BBB6BB88300F5492D9840DAB354DB349F818F40
                                        Function 0639A178 Relevance: 14.8, Strings: 11, Instructions: 1056COMMON
                                        Download Yara Rule

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        control_flow_graph 240 639a178-639a19a 242 639a19f-639b709 240->242 243 639b86a-639b874 242->243 244 639b70f 242->244 245 639b859-639b865 244->245 246 639b848-639b854 244->246 247 639b7ed-639b825 244->247 248 639b7bd-639b7d6 call 639c75c 244->248 249 639b742-639b79c 244->249 250 639b727-639b72c 244->250 251 639b716-639b722 244->251 245->242 246->242 247->242 256 639b7dc-639b7e8 248->256 249->242 250->242 251->242 256->242
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1892990682.0000000006380000.00000040.00000800.00020000.00000000.sdmp, Offset: 06380000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_6380000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: 0VD$2S|q$?31\$PTEe$RSR$Y4YY$[wUg$iK@w$jve$qoi$qoi
                                        • API String ID: 0-1758981453
                                        • Opcode ID: d7ca59af6cb4ed3c29cf3a4c038f37381e1c9bd3e7b631f0cfae13a44fb85a97
                                        • Instruction ID: 21cb1c69b5e94009bb3f8c1667f00ef70264b0f6034f2770f6da759b99154bb5
                                        • Opcode Fuzzy Hash: d7ca59af6cb4ed3c29cf3a4c038f37381e1c9bd3e7b631f0cfae13a44fb85a97
                                        • Instruction Fuzzy Hash: A5C26AB5E1122A8FDB65CF29CD857D9BBB6BB88300F5492D9840DAB354DB349F818F40
                                        Function 0639A172 Relevance: 14.8, Strings: 11, Instructions: 1050COMMON
                                        Download Yara Rule

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        control_flow_graph 263 639a172-639a19a 265 639a19f-639b709 263->265 266 639b86a-639b874 265->266 267 639b70f 265->267 268 639b859-639b865 267->268 269 639b848-639b854 267->269 270 639b7ed-639b825 267->270 271 639b7bd-639b7d6 call 639c75c 267->271 272 639b742-639b79c 267->272 273 639b727-639b72c 267->273 274 639b716-639b722 267->274 268->265 269->265 270->265 279 639b7dc-639b7e8 271->279 272->265 273->265 274->265 279->265
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1892990682.0000000006380000.00000040.00000800.00020000.00000000.sdmp, Offset: 06380000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_6380000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: 0VD$2S|q$?31\$PTEe$RSR$Y4YY$[wUg$iK@w$jve$qoi$qoi
                                        • API String ID: 0-1758981453
                                        • Opcode ID: 135d16089fa905beb0cc0099fe23593bcfbd0b61cb70a231e80b971c118ad26d
                                        • Instruction ID: cc354e73228811ded25cd103e081530ce44d08f88bd3dd36a8255ba95b9dbf94
                                        • Opcode Fuzzy Hash: 135d16089fa905beb0cc0099fe23593bcfbd0b61cb70a231e80b971c118ad26d
                                        • Instruction Fuzzy Hash: ACC26AB5E1122A8FDB65CF29CD857D9BBB6BB88300F5492D9840DAB354DB349F818F40
                                        Function 0639A13F Relevance: 14.8, Strings: 11, Instructions: 1045COMMON
                                        Download Yara Rule

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        control_flow_graph 286 639a13f-639a144 287 639a194-639a19a 286->287 288 639a146 286->288 289 639a19f-639b709 287->289 288->287 290 639b86a-639b874 289->290 291 639b70f 289->291 292 639b859-639b865 291->292 293 639b848-639b854 291->293 294 639b7ed-639b825 291->294 295 639b7bd-639b7d6 call 639c75c 291->295 296 639b742-639b79c 291->296 297 639b727-639b72c 291->297 298 639b716-639b722 291->298 292->289 293->289 294->289 303 639b7dc-639b7e8 295->303 296->289 297->289 298->289 303->289
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1892990682.0000000006380000.00000040.00000800.00020000.00000000.sdmp, Offset: 06380000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_6380000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: 0VD$2S|q$?31\$PTEe$RSR$Y4YY$[wUg$iK@w$jve$qoi$qoi
                                        • API String ID: 0-1758981453
                                        • Opcode ID: d7a5ecc3bf51fdcc823c0ea0c040a046d341a987de62b8b8187fe79709d9b29b
                                        • Instruction ID: 837e3d0be2e1d8c36117a765ea96aa2a374ba89f8f823bdf2a4d4bdcd32e8d7f
                                        • Opcode Fuzzy Hash: d7a5ecc3bf51fdcc823c0ea0c040a046d341a987de62b8b8187fe79709d9b29b
                                        • Instruction Fuzzy Hash: 5AC26AB5E1122A8FDB65CF29CD857D9BBB6BB88300F5492D9840DAB354DB349F818F40
                                        Function 0639B82B Relevance: 14.8, Strings: 11, Instructions: 1045COMMON
                                        Download Yara Rule

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        control_flow_graph 310 639b82b-639b830 311 639b832-639b843 310->311 312 639b854 310->312 313 639a19f-639b709 311->313 314 639b848-639b84e 311->314 312->313 315 639b86a-639b874 313->315 316 639b70f 313->316 314->312 316->314 317 639b859-639b865 316->317 318 639b7ed-639b825 316->318 319 639b7bd-639b7d6 call 639c75c 316->319 320 639b742-639b79c 316->320 321 639b727-639b72c 316->321 322 639b716-639b722 316->322 317->313 318->313 326 639b7dc-639b7e8 319->326 320->313 321->313 322->313 326->313
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1892990682.0000000006380000.00000040.00000800.00020000.00000000.sdmp, Offset: 06380000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_6380000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: 0VD$2S|q$?31\$PTEe$RSR$Y4YY$[wUg$iK@w$jve$qoi$qoi
                                        • API String ID: 0-1758981453
                                        • Opcode ID: 5a4e4fa545d23e78b47f55750544b2a66d5e570d2ebb9b16a564b60684f8d22b
                                        • Instruction ID: 694aefebe2170a1e4f76ace2ffd8b8e23012f1cafeb78e764efff38738cc7675
                                        • Opcode Fuzzy Hash: 5a4e4fa545d23e78b47f55750544b2a66d5e570d2ebb9b16a564b60684f8d22b
                                        • Instruction Fuzzy Hash: 0FC26AB5E1122A8FDB65CF29CD857D9BBB6BB88300F5492D9840DAB354DB349F818F40
                                        Function 05E97B0B Relevance: 11.8, Strings: 9, Instructions: 593COMMON
                                        Download Yara Rule

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        control_flow_graph 333 5e97b0b-5e97cd0 334 5e98728-5e98ddc 333->334 335 5e97cd6 333->335 416 5e98de2 334->416 335->334 417 5e98dec-5e98fc7 416->417 418 5e98fc9 417->418 419 5e98fe6-5e98ff9 417->419 418->416 418->419 420 5e98ffb 418->420 421 5e9923b 418->421 422 5e9922b-5e99236 418->422 423 5e991d1-5e9920d 418->423 424 5e98fd0-5e98fe1 418->424 425 5e99212-5e99226 418->425 419->420 426 5e99000-5e991c8 420->426 430 5e9953d-5e99548 421->430 422->426 423->426 424->417 425->426 426->421 431 5e991ca 426->431 431->420 431->421 431->422 431->423 431->425 431->430
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1891386095.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_5e90000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: @':$@':$@':$Oy$Oy$Oy$aW:$aW:$aW:
                                        • API String ID: 0-2987442126
                                        • Opcode ID: c668f708a1b2ff4397a1721177d78ff26c2ea24f825a876d3a72ab8bade66e93
                                        • Instruction ID: 11f464c10aae5114c7567f6a6b0c9c9246ba6c0cffb9520d983ff8d2237cb9e9
                                        • Opcode Fuzzy Hash: c668f708a1b2ff4397a1721177d78ff26c2ea24f825a876d3a72ab8bade66e93
                                        • Instruction Fuzzy Hash: 7B5242B0E51229CFDB69EF69D98579DBBB6FB88300F4085E9D048AB315DB345A80CF41
                                        Function 08F5F078 Relevance: 11.8, Strings: 9, Instructions: 505COMMON
                                        Download Yara Rule

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        control_flow_graph 432 8f5f078-8f5f07f 433 8f5f080-8f5f087 432->433 434 8f5f088 433->434 434->433 435 8f5f089 434->435 435->433 436 8f5f08b-8f5f091 435->436 436->434 437 8f5f093-8f5f0ac 436->437 439 8f5f0b1-8f5f925 437->439 440 8f5fa63-8f5fa6a 439->440 441 8f5f92b 439->441 441->440 442 8f5f964-8f5fa5e 441->442 443 8f5f943 call a6e07d3 441->443 444 8f5f953-8f5f95f 441->444 445 8f5f932-8f5f93e 441->445 442->439 446 8f5f949-8f5f94e 443->446 444->439 445->439 446->439
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1906554337.0000000008F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_8f50000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: %2G$+I>&$;CLH$B.n]$TB7&$nS$YNF$[Od$M
                                        • API String ID: 0-1884147178
                                        • Opcode ID: d9db67ef938c6c8487a8e9db365fc1e3afeeb9ff349ea33dc006ad2140170534
                                        • Instruction ID: ebc0c35795654784ba2fa7081b9edc3a7b349b2ec8a04c3a0599b4fe87154ae0
                                        • Opcode Fuzzy Hash: d9db67ef938c6c8487a8e9db365fc1e3afeeb9ff349ea33dc006ad2140170534
                                        • Instruction Fuzzy Hash: 4A32D0B5E512298FCB68CF69CD917DEBBB2BB89300F4595D9C409AB354DB348E818F40
                                        Function 08F5F098 Relevance: 11.7, Strings: 9, Instructions: 489COMMON
                                        Download Yara Rule

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        control_flow_graph 457 8f5f098-8f5f0ac 458 8f5f0b1-8f5f925 457->458 459 8f5fa63-8f5fa6a 458->459 460 8f5f92b 458->460 460->459 461 8f5f964-8f5fa5e 460->461 462 8f5f943 call a6e07d3 460->462 463 8f5f953-8f5f95f 460->463 464 8f5f932-8f5f93e 460->464 461->458 465 8f5f949-8f5f94e 462->465 463->458 464->458 465->458
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1906554337.0000000008F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_8f50000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: %2G$+I>&$;CLH$B.n]$TB7&$nS$YNF$[Od$M
                                        • API String ID: 0-1884147178
                                        • Opcode ID: 090500d9c4d51f506b5203963230061797739b177c8994179f45ec5222070350
                                        • Instruction ID: 6896abd529d29e8df0d3057006d33e054dcc1335eb537d2969d273d1f1e15771
                                        • Opcode Fuzzy Hash: 090500d9c4d51f506b5203963230061797739b177c8994179f45ec5222070350
                                        • Instruction Fuzzy Hash: B322B0B5E512298FCB68CF69CD917DEBBB2BB89300F4595D9C409AB354DB348E818F40
                                        Function 08F54B52 Relevance: 10.5, Strings: 8, Instructions: 546COMMON
                                        Download Yara Rule

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        control_flow_graph 476 8f54b52-8f54b65 477 8f54b6b-8f54b80 476->477 478 8f54dfa-8f54f8c 476->478 481 8f54b82-8f54b96 477->481 482 8f54b98-8f54ba2 477->482 485 8f54f94-8f555ef 478->485 484 8f54bac 481->484 482->484 484->478 486 8f555f5 485->486 487 8f55b43-8f55b4a 485->487 486->486
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1906554337.0000000008F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_8f50000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: (TDx$.tF$1$Xw$O-\$O-\$UQz$bd$i(?[
                                        • API String ID: 0-3511972888
                                        • Opcode ID: bd3ffd1f71d973035599741b556594ffaf88d755f32ec050cd7db2fff7b2756f
                                        • Instruction ID: 88c4ca39748201368a6a2b7c6b2ec33623d8a29bf16f1e31617d16c6fa113484
                                        • Opcode Fuzzy Hash: bd3ffd1f71d973035599741b556594ffaf88d755f32ec050cd7db2fff7b2756f
                                        • Instruction Fuzzy Hash: 22125674E07369CFDB24CF69C961288BF72BB85314F1892DDC58AAF355CA704A828F41
                                        Function 08F50006 Relevance: 8.4, Strings: 6, Instructions: 887COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1906554337.0000000008F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_8f50000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: TU*v$TU*v$^^q0$skQu$0^$y2d
                                        • API String ID: 0-3416840872
                                        • Opcode ID: 4af898bbbcdfb27eb9954e27d32238f824723e1ae7e78300bb46ca152feae3ff
                                        • Instruction ID: 5348fc4f4715787c7d2a6838185f4590b6f6c6456978bedafa9e3f7d3b2671b4
                                        • Opcode Fuzzy Hash: 4af898bbbcdfb27eb9954e27d32238f824723e1ae7e78300bb46ca152feae3ff
                                        • Instruction Fuzzy Hash: 57928AB5E412298FDB68CF69CD957DDBBB6BB89300F5182D9C409AB354CB349E818F40
                                        Function 08F50040 Relevance: 8.4, Strings: 6, Instructions: 866COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1906554337.0000000008F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_8f50000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: TU*v$TU*v$^^q0$skQu$0^$y2d
                                        • API String ID: 0-3416840872
                                        • Opcode ID: 6c77a9b3311e96e9287f484db9de4cf8aaf42b52c6a942c9a02be27b20555ad6
                                        • Instruction ID: 336987dcad00724ab946caae8b132779e96b496761e927beb0710909c4552d82
                                        • Opcode Fuzzy Hash: 6c77a9b3311e96e9287f484db9de4cf8aaf42b52c6a942c9a02be27b20555ad6
                                        • Instruction Fuzzy Hash: 5E927BB5E412298FDB68CF69CD957DDBBB6BB88300F5182D9C409AB354CB349E818F40
                                        Function 08F50FBC Relevance: 8.3, Strings: 6, Instructions: 845COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1906554337.0000000008F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_8f50000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: TU*v$TU*v$^^q0$skQu$0^$y2d
                                        • API String ID: 0-3416840872
                                        • Opcode ID: c76eefd88dcebd25fe0d0d6e3e1f3a7c54053df29fb8af8e516f3b6c45457655
                                        • Instruction ID: 916c940f2962559acd9160d3a45df138aaf85599137a21b4f31b98459200576b
                                        • Opcode Fuzzy Hash: c76eefd88dcebd25fe0d0d6e3e1f3a7c54053df29fb8af8e516f3b6c45457655
                                        • Instruction Fuzzy Hash: 9D927BB5E412298FDB68CF69CD957DDBBB6BB88300F5192D9C409AB354CB349E818F40
                                        Function 08F51011 Relevance: 8.3, Strings: 6, Instructions: 845COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1906554337.0000000008F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_8f50000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: TU*v$TU*v$^^q0$skQu$0^$y2d
                                        • API String ID: 0-3416840872
                                        • Opcode ID: abb8da419e5c8631ce16683812fd1fdd4be4711eb288e516c89e3d0fb172e3ad
                                        • Instruction ID: 05be82f6aede4045f19662a0cbc8d1c0bd40d80fac35847941427065bfaf1d4a
                                        • Opcode Fuzzy Hash: abb8da419e5c8631ce16683812fd1fdd4be4711eb288e516c89e3d0fb172e3ad
                                        • Instruction Fuzzy Hash: 25927BB5E412298FDB68CF69CD957DDBBB6BB88300F5192D9C409AB354CB349E818F40
                                        Function 08F546C0 Relevance: 8.1, Strings: 6, Instructions: 563COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1906554337.0000000008F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_8f50000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: (TDx$.tF$1$Xw$UQz$bd$i(?[
                                        • API String ID: 0-1564463527
                                        • Opcode ID: fa49c994bdacd53c068d6c0ab1d43657773d2238b214bc42b4b1ede6ba9dca77
                                        • Instruction ID: bef1c76903b953d91e2c573cb62f2ecab13124bfb59cd263a2d3b8e2783bfb56
                                        • Opcode Fuzzy Hash: fa49c994bdacd53c068d6c0ab1d43657773d2238b214bc42b4b1ede6ba9dca77
                                        • Instruction Fuzzy Hash: 37225575A07368CFDB24CF78C964298BF72BB85314F1992DDC68AAF355CA7049828F41
                                        Function 08F53E79 Relevance: 8.1, Strings: 6, Instructions: 560COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1906554337.0000000008F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_8f50000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: (TDx$.tF$1$Xw$UQz$bd$i(?[
                                        • API String ID: 0-1564463527
                                        • Opcode ID: 7ab5f7c7654c7692fb091e4e01317b3d6bb09114092d1008cd71466c650e46b5
                                        • Instruction ID: 25daeca599e797e5d6659643ff34194af636bf641778f701a3c06ba7eb97f9ff
                                        • Opcode Fuzzy Hash: 7ab5f7c7654c7692fb091e4e01317b3d6bb09114092d1008cd71466c650e46b5
                                        • Instruction Fuzzy Hash: 98223474A07369CFDB24CF68C965288BFB2BB85314F5491DDC68AAF355CA704A828F41
                                        Function 08F54200 Relevance: 8.1, Strings: 6, Instructions: 559COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1906554337.0000000008F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_8f50000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: (TDx$.tF$1$Xw$UQz$bd$i(?[
                                        • API String ID: 0-1564463527
                                        • Opcode ID: 407ccbc77903d2de289ce00d30bf531b691876188f325b9d5b294a49afe9547f
                                        • Instruction ID: 2980e2351d1fe1e9db61789084d09ec95fb487901904f7a09c7ca88118c2d5d4
                                        • Opcode Fuzzy Hash: 407ccbc77903d2de289ce00d30bf531b691876188f325b9d5b294a49afe9547f
                                        • Instruction Fuzzy Hash: 27224674E07369CFDB24CF69C960298BFB2BB85314F1491DDC68AAF355CA704A828F41
                                        Function 08F547AC Relevance: 8.1, Strings: 6, Instructions: 553COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1906554337.0000000008F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_8f50000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: (TDx$.tF$1$Xw$UQz$bd$i(?[
                                        • API String ID: 0-1564463527
                                        • Opcode ID: 088e03689660cebf2f7b0fe1c053a023897ea4cf09e6ff8ca4542bfb6cc1861f
                                        • Instruction ID: ac11ddaf2051c84646de69fb90cae1895af1bd9ae4959080746a761412899360
                                        • Opcode Fuzzy Hash: 088e03689660cebf2f7b0fe1c053a023897ea4cf09e6ff8ca4542bfb6cc1861f
                                        • Instruction Fuzzy Hash: 27224674A077A8CFDB24CF69C964298BF72BB85314F1491DDC68AAF355CA704A828F41
                                        Function 08F54BC8 Relevance: 8.1, Strings: 6, Instructions: 552COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1906554337.0000000008F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_8f50000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: (TDx$.tF$1$Xw$UQz$bd$i(?[
                                        • API String ID: 0-1564463527
                                        • Opcode ID: f8d7acfc4e3da924f4cce5f1342163e7cbaea6017c2e12beb09dcbf7811d01d9
                                        • Instruction ID: 392955191411604f837c5ccac928906e5380598627d07771550a33fecb9c9a09
                                        • Opcode Fuzzy Hash: f8d7acfc4e3da924f4cce5f1342163e7cbaea6017c2e12beb09dcbf7811d01d9
                                        • Instruction Fuzzy Hash: 2D224674A07368CFDB24CF68C964288BFB2BB85314F1491DDC58AAF345CA7449828F41
                                        Function 05E98722 Relevance: 8.0, Strings: 6, Instructions: 548COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1891386095.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_5e90000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: @':$@':$Oy$Oy$aW:$aW:
                                        • API String ID: 0-1251698469
                                        • Opcode ID: b4190338b6821c14cc97b21ec335715946379413144b9933d97d71cd3184aec7
                                        • Instruction ID: 2d5119ff685a22604c6710b0baf8404fbad523297b2bbf33867f138bf082baa6
                                        • Opcode Fuzzy Hash: b4190338b6821c14cc97b21ec335715946379413144b9933d97d71cd3184aec7
                                        • Instruction Fuzzy Hash: FF4233B0E512298FDB69EF69D9857ADBBB6FB88300F4085E9D048A7211DB345E80CF41
                                        Function 08F54D31 Relevance: 8.0, Strings: 6, Instructions: 546COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1906554337.0000000008F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_8f50000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: (TDx$.tF$1$Xw$UQz$bd$i(?[
                                        • API String ID: 0-1564463527
                                        • Opcode ID: 6736e861a965930fc7a5ce230ac87afefc29bff3c6d8688731e58b1aa2f92fe6
                                        • Instruction ID: 60d6c538d49df7e3314961849ef46b4f062c52f46ac851843675322336bee2ee
                                        • Opcode Fuzzy Hash: 6736e861a965930fc7a5ce230ac87afefc29bff3c6d8688731e58b1aa2f92fe6
                                        • Instruction Fuzzy Hash: 36125674A07369CFDB24CF68C965298BF72BB85314F1891DDC68AAF355CB704A828F41
                                        Function 064AE968 Relevance: 8.0, Strings: 6, Instructions: 545COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1893119574.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_6490000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: /29$2y$o"!P$u'u@$w7A$}]q
                                        • API String ID: 0-2503363779
                                        • Opcode ID: bf7cd2859dc49599abf5fe5de882aed7b4df841e2a66245dc14d54f28a4c24c2
                                        • Instruction ID: d0907f2a2529d3934ef74dceecf89ffbe21ca4dd5c54033b8eb16df8f5c17c4d
                                        • Opcode Fuzzy Hash: bf7cd2859dc49599abf5fe5de882aed7b4df841e2a66245dc14d54f28a4c24c2
                                        • Instruction Fuzzy Hash: 37427BB5E412298FDB68CF69CD857EDBBB2BB89304F5091D9850DEB354DB348A818F40
                                        Function 08F54074 Relevance: 8.0, Strings: 6, Instructions: 545COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1906554337.0000000008F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_8f50000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: (TDx$.tF$1$Xw$UQz$bd$i(?[
                                        • API String ID: 0-1564463527
                                        • Opcode ID: 33ee9de06ed7dfe4b292f73a2dc41c1ac848b316b7dfe4bcfea9dc3ea379cdca
                                        • Instruction ID: bb60af7617e1fa9baad73f0d194bae6b4dd2b16ce3fb4d5368d00980dd5bcdb5
                                        • Opcode Fuzzy Hash: 33ee9de06ed7dfe4b292f73a2dc41c1ac848b316b7dfe4bcfea9dc3ea379cdca
                                        • Instruction Fuzzy Hash: C5124674A07369CFDB24CF68C965288BFB2BB85314F1491DDC68AAF355CA7049828F81
                                        Function 08F54F58 Relevance: 7.8, Strings: 6, Instructions: 342COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1906554337.0000000008F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_8f50000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: (TDx$.tF$1$Xw$UQz$bd$i(?[
                                        • API String ID: 0-1564463527
                                        • Opcode ID: 38c8357d5bd430b2db4214ddf0c759f481fb2c212f4c028ea4892066b64cac8f
                                        • Instruction ID: 0ac50dd86960746a8164e9cfdd1224e4be17efdf4e0e7125ee66930315bfe4d8
                                        • Opcode Fuzzy Hash: 38c8357d5bd430b2db4214ddf0c759f481fb2c212f4c028ea4892066b64cac8f
                                        • Instruction Fuzzy Hash: 08E1E4B5E412298BDB28CF65CD513DDBBB2AB85304F15D199C50AEF358DB349E828F80
                                        Function 0639E620 Relevance: 7.8, Strings: 6, Instructions: 337COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1892990682.0000000006380000.00000040.00000800.00020000.00000000.sdmp, Offset: 06380000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_6380000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: :WAv$:WAv$EDZ=$EDZ=$Q[vt$Q[vt
                                        • API String ID: 0-1200865633
                                        • Opcode ID: 56e2338c0452091f8b3f181858f1988f544974bc11d0c2d047c644008c0c7628
                                        • Instruction ID: cc0d923ab82d6440fef43ae18ac39071a2429200d4240c0fc5305401b7d97f7b
                                        • Opcode Fuzzy Hash: 56e2338c0452091f8b3f181858f1988f544974bc11d0c2d047c644008c0c7628
                                        • Instruction Fuzzy Hash: 0302A9B5E452698FDB24CF65CD913CDBAB2BB85300F5192E8C459BF318DB744A828F84
                                        Function 0639E611 Relevance: 7.8, Strings: 6, Instructions: 336COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1892990682.0000000006380000.00000040.00000800.00020000.00000000.sdmp, Offset: 06380000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_6380000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: :WAv$:WAv$EDZ=$EDZ=$Q[vt$Q[vt
                                        • API String ID: 0-1200865633
                                        • Opcode ID: d1026f38f6e2f43d3512591f7ae3afb75dff6ee5dbce7dbe25fe6c282a737490
                                        • Instruction ID: c5c331d0459527c190aa9466d533fbb6890f01e782fb8b36782f03dc7a037247
                                        • Opcode Fuzzy Hash: d1026f38f6e2f43d3512591f7ae3afb75dff6ee5dbce7dbe25fe6c282a737490
                                        • Instruction Fuzzy Hash: 1702A9B5A453698FDB24CF65CD913CDBAB2BB85300F5192E8C459AF314DB748A82CF84
                                        Function 05E9CF78 Relevance: 5.4, Strings: 4, Instructions: 449COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1891386095.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_5e90000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: 7f%]$>Ql$G$Mi+R
                                        • API String ID: 0-2242246631
                                        • Opcode ID: b82b420ef66a7ece503157b67ad1229a6ca9c874df96f153f2047dae515be93c
                                        • Instruction ID: d76845f7ef957cebdf42a140ce0019722d56ec18865d330e2e75a221a1451832
                                        • Opcode Fuzzy Hash: b82b420ef66a7ece503157b67ad1229a6ca9c874df96f153f2047dae515be93c
                                        • Instruction Fuzzy Hash: F7120771E50229CFCB18DF69CD913AEBBB6BB88300F5195AAD44AAB350DB348D45CF41
                                        Function 0ACD3018 Relevance: 5.3, Strings: 4, Instructions: 251COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1913579672.000000000ACD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0ACD0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_acd0000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: Gc f$`\`F$aQA4$bzep
                                        • API String ID: 0-3268002602
                                        • Opcode ID: b674d021e1f6815bbfe474399e827ac16edd0b23c48b2b6c6c79fc40b0f246ac
                                        • Instruction ID: db920f5060435318e46115cf5ca33375b31be45dc8ef1252406fe060d4bdc9fe
                                        • Opcode Fuzzy Hash: b674d021e1f6815bbfe474399e827ac16edd0b23c48b2b6c6c79fc40b0f246ac
                                        • Instruction Fuzzy Hash: B5B14AB6E413288BDB58CFA6CD4138EBA73ABD4210F59D66A8509FF358D7358D418F80
                                        Function 0A6E2960 Relevance: 4.3, Strings: 3, Instructions: 517COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1913250537.000000000A6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A6E0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_a6e0000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: 9$b@V$BI{
                                        • API String ID: 0-1607708626
                                        • Opcode ID: 5d76798e7770fab3e4998a63576018d353573f8f0827e0c87787221784af5e49
                                        • Instruction ID: 5184eac04137487209cc0cd404308da55852c9a1034c67980d6d8a757a148080
                                        • Opcode Fuzzy Hash: 5d76798e7770fab3e4998a63576018d353573f8f0827e0c87787221784af5e49
                                        • Instruction Fuzzy Hash: AC4232B0E41A298FCB64DF28DD957AEBBB5FB88301F4091E9C549AB340DB345A85CF44
                                        Function 08F51E20 Relevance: 3.9, Strings: 3, Instructions: 142COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1906554337.0000000008F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_8f50000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: /Pkp$fax$rspO
                                        • API String ID: 0-350999325
                                        • Opcode ID: 96d4d2a257df9e7d60ce12a2146a9f14151eba2a61e994bb96c323659d3c0e69
                                        • Instruction ID: 94b70c75865b3de374c6c6ace142f5f921490c1007168427eac2276d2ab04f3d
                                        • Opcode Fuzzy Hash: 96d4d2a257df9e7d60ce12a2146a9f14151eba2a61e994bb96c323659d3c0e69
                                        • Instruction Fuzzy Hash: 905157B2D4022E8BC704CFE5D94259EBBB3FB8A210F91961AD406EF344D77899568B80
                                        Function 05F65883 Relevance: 3.9, Strings: 3, Instructions: 138COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1891824639.0000000005F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F60000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_5f60000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: 8K6;$8K6;$T2D8
                                        • API String ID: 0-174012540
                                        • Opcode ID: 64749340a1c6e7c11edeec6149bd0b9f9c06fa53069f5bb0f2c65522870b0870
                                        • Instruction ID: 17216ad8e615fb7ab1d3e8ceb716dbe97e82cae52ae5b768c1ff1d1825e3faab
                                        • Opcode Fuzzy Hash: 64749340a1c6e7c11edeec6149bd0b9f9c06fa53069f5bb0f2c65522870b0870
                                        • Instruction Fuzzy Hash: 5F5137B4E052199FDB08CFAAC5416AEFBF2FF88200F54D16AD415B7250D73899418F64
                                        Function 05E93D60 Relevance: 2.8, Strings: 2, Instructions: 313COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1891386095.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_5e90000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: Fjn6$F6
                                        • API String ID: 0-154666695
                                        • Opcode ID: 4e86a9402e0bb3e508e652302bc6a8449888b83c51d310838832de99d22bb9e2
                                        • Instruction ID: eacaa999b4fb96f86026cc858db72fc7a7493e1ef8f8cb825e9f8d038d5b8a00
                                        • Opcode Fuzzy Hash: 4e86a9402e0bb3e508e652302bc6a8449888b83c51d310838832de99d22bb9e2
                                        • Instruction Fuzzy Hash: 04D116B5E452198FDB18CFA5C9523EDBAB6BB94300F149699810AFF754DB348A428F80
                                        Function 05E998A0 Relevance: 2.7, Strings: 2, Instructions: 154COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1891386095.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_5e90000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: [hl$,T6
                                        • API String ID: 0-2380743002
                                        • Opcode ID: 22987cd78e000307a3c8a9af923ccd2db2ba5a3ec7837b000550d3482549ba87
                                        • Instruction ID: bcbb64bb00c060dfd2719f9aca61e5cec1aa44d677c7c14bb2f98464ccb335db
                                        • Opcode Fuzzy Hash: 22987cd78e000307a3c8a9af923ccd2db2ba5a3ec7837b000550d3482549ba87
                                        • Instruction Fuzzy Hash: 9D51F775E102198BDB04EFB9E9452AEBFB6BB48300F50542DD445EB340EB389805CB85
                                        Function 05F6EAC0 Relevance: 2.6, Strings: 2, Instructions: 130COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1891824639.0000000005F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F60000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_5f60000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: XrB$XrB
                                        • API String ID: 0-1305315338
                                        • Opcode ID: 0bab771a1299e14f7216b1aabcf2de297b0ead8622aaf53526be7f389d14c8ac
                                        • Instruction ID: a1feaf24ba01f5c73dee9058a74cc0306a43403c22962b3e851311bcc6b776ef
                                        • Opcode Fuzzy Hash: 0bab771a1299e14f7216b1aabcf2de297b0ead8622aaf53526be7f389d14c8ac
                                        • Instruction Fuzzy Hash: 42515A7AD0520ADFCB04CFA6D5456AFFBBABF89310F10982AD112B7254D7389605CFA4
                                        Function 08F5164C Relevance: 1.7, Strings: 1, Instructions: 486COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1906554337.0000000008F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_8f50000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: oA
                                        • API String ID: 0-3454950961
                                        • Opcode ID: f9f509954f6d79564afe8e71c994dced69c3758d18e0617fd608d8168a9f2414
                                        • Instruction ID: dac70f6ecfa2645b3f373686e468e7e37a2ca6c71e0a96680fd5da1e3df2fc99
                                        • Opcode Fuzzy Hash: f9f509954f6d79564afe8e71c994dced69c3758d18e0617fd608d8168a9f2414
                                        • Instruction Fuzzy Hash: 5E120371E142198FCB05CFB8C99179EBFB6BB88310F54816AD50AEB345DB34AE41CB91
                                        Function 05FE4C88 Relevance: 1.7, APIs: 1, Instructions: 164processCOMMON
                                        Download Yara Rule
                                        APIs
                                        • CreateProcessAsUserW.KERNEL32(?,?,?,0000000A,?,?,?,?,?,?,?), ref: 05FE4DF3
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1891946760.0000000005FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FE0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_5fe0000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID: CreateProcessUser
                                        • String ID:
                                        • API String ID: 2217836671-0
                                        • Opcode ID: 213ec116a79b87a241482117032a49fe5b47025de5d4ad49e3063c0dfe13f98d
                                        • Instruction ID: 992eb6545e23799d4a590c73c3519f0b37f475683e25c1f8580f5cad440fa296
                                        • Opcode Fuzzy Hash: 213ec116a79b87a241482117032a49fe5b47025de5d4ad49e3063c0dfe13f98d
                                        • Instruction Fuzzy Hash: 1F51E4B1D0026A9FDF24CF99C844BDDBBB5BF48310F0480AAE919B7254DB759A85CF90
                                        Function 08F5D3C7 Relevance: 1.7, Strings: 1, Instructions: 403COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1906554337.0000000008F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_8f50000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: Ri$
                                        • API String ID: 0-1521180641
                                        • Opcode ID: 605f28c08824df5dda9f0d0963940dcd4d60d74065b5b1f9db75343e1a9aefb7
                                        • Instruction ID: 28bd8329709d1f4fbdebf6e097b57da8eccdd26239734e141654b91276020d4c
                                        • Opcode Fuzzy Hash: 605f28c08824df5dda9f0d0963940dcd4d60d74065b5b1f9db75343e1a9aefb7
                                        • Instruction Fuzzy Hash: 8A02D1B5E012288FDB28CF65CD913DDBAB2BB84310F558699C549BF314DB349A868F80
                                        Function 08F5D3F0 Relevance: 1.6, Strings: 1, Instructions: 386COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1906554337.0000000008F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_8f50000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: Ri$
                                        • API String ID: 0-1521180641
                                        • Opcode ID: a5009942e9ab56537af2c65a23caa262c0a7f22c8cb0e63f12fe4796d70d141e
                                        • Instruction ID: 27d665f81296828f5f38beaa45b056bddb1149789f912d06eeaaa8e3a5f53459
                                        • Opcode Fuzzy Hash: a5009942e9ab56537af2c65a23caa262c0a7f22c8cb0e63f12fe4796d70d141e
                                        • Instruction Fuzzy Hash: 0802E1B5E012288BDB28CF65CD913DDBAB2BB84310F559699C549BF314DB349E868F80
                                        Function 02568A70 Relevance: 1.5, Instructions: 1531COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1868877289.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_2560000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: bc1f6ac24ed5b948aa6322049ae28c778706968716f07ce6245adbdfa1ecccb1
                                        • Instruction ID: 6bf177a3d989c9e77551bcd41e2fa5b75a08c624f097272af6ded2930aaa2d42
                                        • Opcode Fuzzy Hash: bc1f6ac24ed5b948aa6322049ae28c778706968716f07ce6245adbdfa1ecccb1
                                        • Instruction Fuzzy Hash: AFD27270A00219CFEB15DFA4C954BAEBBB2FF88304F108169D546AB3A1DB35ED81CB55
                                        Function 05FE0040 Relevance: 1.5, Strings: 1, Instructions: 244COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1891946760.0000000005FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FE0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_5fe0000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: .`^m
                                        • API String ID: 0-1044750606
                                        • Opcode ID: 079d9d2a8786c4896ba84b26b41a4acae59f375a2a051d28f09b7d4dd767c822
                                        • Instruction ID: 19c607ebf8457b3a94db7343575a039da550b893724a9968cf04993aa6611dec
                                        • Opcode Fuzzy Hash: 079d9d2a8786c4896ba84b26b41a4acae59f375a2a051d28f09b7d4dd767c822
                                        • Instruction Fuzzy Hash: DAB11871E116699FCB64CF25C984B9DF7FABB88240F10D5EA9409BB214EB749E81CF04
                                        Function 05FE0007 Relevance: 1.5, Strings: 1, Instructions: 225COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1891946760.0000000005FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FE0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_5fe0000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: .`^m
                                        • API String ID: 0-1044750606
                                        • Opcode ID: 46e194eeed97144bcd239996016d254bd8b7730b72de34ad8d5208dc403ed227
                                        • Instruction ID: d1370bf242ed9b593353f3732c24e5ea317f1339dbc5349fe9a58447e4addb5f
                                        • Opcode Fuzzy Hash: 46e194eeed97144bcd239996016d254bd8b7730b72de34ad8d5208dc403ed227
                                        • Instruction Fuzzy Hash: 5EB14771A112A98FCB65DF25C984799BBF6BF89300F14C5EAD409BB215EB749E81CF00
                                        Function 08F51A28 Relevance: 1.4, Strings: 1, Instructions: 197COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1906554337.0000000008F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_8f50000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: oA
                                        • API String ID: 0-3454950961
                                        • Opcode ID: cf18b3c2308e83bdc23e59bce6c6433d04825198d50d5c1983c9db150521bca1
                                        • Instruction ID: d6a587f553da8126ef5fbcb5fd23b1249adaf934817ee0167f70f60b33139fd2
                                        • Opcode Fuzzy Hash: cf18b3c2308e83bdc23e59bce6c6433d04825198d50d5c1983c9db150521bca1
                                        • Instruction Fuzzy Hash: 7891CFB5E103198FDB54CFA9C99179EBBB6BB89300F50856AD10AAF344DB309A41CF81
                                        Function 08F51A38 Relevance: 1.4, Strings: 1, Instructions: 192COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1906554337.0000000008F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_8f50000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: oA
                                        • API String ID: 0-3454950961
                                        • Opcode ID: d2d4c3b60eb00af88ed977364710ebfc0cff2d88615fe2107790c85815d51ad6
                                        • Instruction ID: 2e6ed5f4901596a6075153c317ce1fbc22a442eec28eb45ab3c72f7d6003b5d0
                                        • Opcode Fuzzy Hash: d2d4c3b60eb00af88ed977364710ebfc0cff2d88615fe2107790c85815d51ad6
                                        • Instruction Fuzzy Hash: C781CFB5E10319CFDB54CFA9C99179EBBB6BB89300F50856AD50AAF344DB309A41CF81
                                        Function 05FE040B Relevance: 1.4, Strings: 1, Instructions: 182COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1891946760.0000000005FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FE0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_5fe0000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: .`^m
                                        • API String ID: 0-1044750606
                                        • Opcode ID: cacefc43f4d5309e48d101b6a986af75d97af00ef5458c55c8585235a056998c
                                        • Instruction ID: c56b27f88a2349ba323786d3c8f8724b0c721a98507166e55e8801487707185b
                                        • Opcode Fuzzy Hash: cacefc43f4d5309e48d101b6a986af75d97af00ef5458c55c8585235a056998c
                                        • Instruction Fuzzy Hash: B9911771A112699FCB65DF24C98479DB7F6BB88240F10D9EA900ABB215EB749EC1CF04
                                        Function 05FE0462 Relevance: 1.4, Strings: 1, Instructions: 178COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1891946760.0000000005FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FE0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_5fe0000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: .`^m
                                        • API String ID: 0-1044750606
                                        • Opcode ID: bd14fd0f9fb387914bf4a6e3f5565ee37d17257fd72c34d403daef7a62b5dc3b
                                        • Instruction ID: 6797e79f02523831c71c4895285e954005a9274887cc7b3d2b48e75a9fc86cff
                                        • Opcode Fuzzy Hash: bd14fd0f9fb387914bf4a6e3f5565ee37d17257fd72c34d403daef7a62b5dc3b
                                        • Instruction Fuzzy Hash: D8910771A112699FCB64DF24C98879DB7F6BB88200F50D9EA940AB7214EB749EC1CF04
                                        Function 05FE3150 Relevance: 1.4, Strings: 1, Instructions: 130COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1891946760.0000000005FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FE0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_5fe0000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: ATv
                                        • API String ID: 0-2543836044
                                        • Opcode ID: 4f2872fa532a967c4d8bfcdbfb611ca482b05eaac84b4f98fb1c9f74d33360c1
                                        • Instruction ID: 75b7859609f7df30b5ff51073401df1004f39ef3261a564c23745923b2090384
                                        • Opcode Fuzzy Hash: 4f2872fa532a967c4d8bfcdbfb611ca482b05eaac84b4f98fb1c9f74d33360c1
                                        • Instruction Fuzzy Hash: 5E51E475E05219AFDB08DFAAD9455DEFBF2FF88310F10942AD815A7354E73869018F50
                                        Function 05F63328 Relevance: 1.4, Strings: 1, Instructions: 126COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1891824639.0000000005F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F60000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_5f60000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: <
                                        • API String ID: 0-4251816714
                                        • Opcode ID: 4325d6f1e922408842227ceb7d08c63fefe9bce4001d4d06a7e31322a59dcf4c
                                        • Instruction ID: 4ae3b96b40a7b9c8600f737c540f680ff265f841d9fa9cfc6d2ad2d620352db6
                                        • Opcode Fuzzy Hash: 4325d6f1e922408842227ceb7d08c63fefe9bce4001d4d06a7e31322a59dcf4c
                                        • Instruction Fuzzy Hash: 6B516475E00658CFDB58DFAAC9446DDBBF3AFC9301F14C0AA9419AB264EB345A85CF40
                                        Function 02567398 Relevance: 1.0, Instructions: 962COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1868877289.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_2560000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: dd80bc7054d8e57d3370d98ab5365634575e0bc2932214b1a5aaffec7a570b71
                                        • Instruction ID: 32084c55aeb133893d3f01e324c09930be228a9353505cb57a6ef994d8c52b91
                                        • Opcode Fuzzy Hash: dd80bc7054d8e57d3370d98ab5365634575e0bc2932214b1a5aaffec7a570b71
                                        • Instruction Fuzzy Hash: 35826D71A002199FDB14CF69C848BAEBBB2FF88308F148569E815EB391DB34DD45CB54
                                        Function 0AC7C9A0 Relevance: .6, Instructions: 596COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1913464844.000000000AC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_ac70000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 85027c7690d74f6aebf1d40346d62caf29e29e0ee7ace9ba80c05210abc2f292
                                        • Instruction ID: 2084fee94f3179feb5ac9859956b743d5bfc3b40dd84a92ef8f8aefc14da2992
                                        • Opcode Fuzzy Hash: 85027c7690d74f6aebf1d40346d62caf29e29e0ee7ace9ba80c05210abc2f292
                                        • Instruction Fuzzy Hash: 2A526D74A003458FDB14DF28C844B99B7F2BF86314F2582E9D4596F3A2DBB1A986CF41
                                        Function 0477EA80 Relevance: .4, Instructions: 436COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1889637695.0000000004770000.00000040.00000800.00020000.00000000.sdmp, Offset: 04770000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_4770000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 195012643b47df794d82b4c5441e7ae7ee06bed9fedc6151339be15b0b5b6f59
                                        • Instruction ID: 067d070009b4b61be4eff2cc62a8403730e499f4e5f0f7f587b717524621ddb8
                                        • Opcode Fuzzy Hash: 195012643b47df794d82b4c5441e7ae7ee06bed9fedc6151339be15b0b5b6f59
                                        • Instruction Fuzzy Hash: CA22A074E002289FEB64DF65CD55B9DBBB2BB88300F1081A9E90DA7391DB706E858F50
                                        Function 07B76891 Relevance: .4, Instructions: 431COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1901442329.0000000007B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7b70000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 0dd0c4b98cdb043ae3893c4ac99b80f45822cbcfe9d7001ad63cad1c48ab172f
                                        • Instruction ID: d7fd30daf72c8465c797b95efe97f4ef134fb90eab32aaf570b0f748df60f092
                                        • Opcode Fuzzy Hash: 0dd0c4b98cdb043ae3893c4ac99b80f45822cbcfe9d7001ad63cad1c48ab172f
                                        • Instruction Fuzzy Hash: 78D102B2B00519EFDB209A6DD4507EEF7E2FF96714F1884AAC0559B740DB3868028BD5
                                        Function 0A6EF448 Relevance: .4, Instructions: 382COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1913250537.000000000A6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A6E0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_a6e0000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 79822b27176535cdbe174c3a7ea5e44ec04d76431001c0df892ea2f86f50ae7d
                                        • Instruction ID: 2b616c0100acfff64fda63b324c2f0b0fff599066cb2d7537235efb377df6361
                                        • Opcode Fuzzy Hash: 79822b27176535cdbe174c3a7ea5e44ec04d76431001c0df892ea2f86f50ae7d
                                        • Instruction Fuzzy Hash: 6212C875D1061ACFCB15DF68C880AD9F7B1FF49300F1586AAD859AB211EB70AAC5CF90
                                        Function 0A6EF439 Relevance: .4, Instructions: 380COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1913250537.000000000A6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A6E0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_a6e0000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 634db03ea18a5c8b08678ca0390ee19debfb22fc845c8c4e3cca7e7c1ffa4f4e
                                        • Instruction ID: 6fdced5a422eb7afef6676880637bccaff431f5e14a08855e4c0c2526d0cc8b3
                                        • Opcode Fuzzy Hash: 634db03ea18a5c8b08678ca0390ee19debfb22fc845c8c4e3cca7e7c1ffa4f4e
                                        • Instruction Fuzzy Hash: 3212C775D0061ACFCB15DF68C880AD9F7B1BF59300F15C6AAD859A7211EB70AAC5CF90
                                        Function 05FEBB30 Relevance: .4, Instructions: 356COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1891946760.0000000005FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FE0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_5fe0000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: fa11727c0887a1f97e7751aa08b4071eb1b219a5a7e543d6128df40aee22d74d
                                        • Instruction ID: 4b737f553b2914051e9b0bd2988ff4d518b20899f06b66e9dfc2f2a28b636bbc
                                        • Opcode Fuzzy Hash: fa11727c0887a1f97e7751aa08b4071eb1b219a5a7e543d6128df40aee22d74d
                                        • Instruction Fuzzy Hash: 24D1AD71B017049FEB29EB79C854B6EB7F6AF89604F50486DD146DB3A0DB38E801CB91
                                        Function 0256A6D9 Relevance: .3, Instructions: 298COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1868877289.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_2560000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 5c8740386a6d62c9d9b9d3f78d8a96aee7c68dbc2ba1161593f5d125079394e1
                                        • Instruction ID: 529a3d59bde25cc9aca4b2cac05ec34d10905d2af55fef53c35ae65e85c8c298
                                        • Opcode Fuzzy Hash: 5c8740386a6d62c9d9b9d3f78d8a96aee7c68dbc2ba1161593f5d125079394e1
                                        • Instruction Fuzzy Hash: B8C1F975E006148FDB04CFA8C588AADBBF2FF88314B1A845AE415AB3A5C735EC41CF58
                                        Function 02564D5B Relevance: .3, Instructions: 272COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1868877289.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_2560000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 31294b1232eeec0784022a30794c0d0b61cbac06e0c0a6a50b34010f995f60e6
                                        • Instruction ID: 53fb7d41fd4e1c5d78fbcbdddba6d80d96102b21050c1b44b4fdeae62d28952b
                                        • Opcode Fuzzy Hash: 31294b1232eeec0784022a30794c0d0b61cbac06e0c0a6a50b34010f995f60e6
                                        • Instruction Fuzzy Hash: 90D1A375E00218DFEB24DFAAC954B9DBBB2BF88300F14C1A9E919A7365DB305985CF50
                                        Function 05F64EE7 Relevance: .3, Instructions: 270COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1891824639.0000000005F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F60000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_5f60000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: d5c6a6cdadebd2b99a0f182b64003a89b08bfc8f9b87215e3817d820d8ab30d6
                                        • Instruction ID: 53e16cdfa12a1589a15f91c34cd3542b2237677967212e3505ae992619e855ec
                                        • Opcode Fuzzy Hash: d5c6a6cdadebd2b99a0f182b64003a89b08bfc8f9b87215e3817d820d8ab30d6
                                        • Instruction Fuzzy Hash: C5C17870D1074A8FCB04DFA9C888A9EBFB2FF89310F14816AD825AB294DB749905CF54
                                        Function 0471A2C4 Relevance: .3, Instructions: 253COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1889371368.0000000004710000.00000040.00000800.00020000.00000000.sdmp, Offset: 04710000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_4710000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: d2824d576856cb3797591e4ea6c52c72097e8092b845e5c19714c1eed2ed83fc
                                        • Instruction ID: d56d55bdc7fd05f3f4da79d9f816ac66070c4762b39f8b5289b9263a3daf5f65
                                        • Opcode Fuzzy Hash: d2824d576856cb3797591e4ea6c52c72097e8092b845e5c19714c1eed2ed83fc
                                        • Instruction Fuzzy Hash: 3BA1A035E403199FDB01DFA8D894AEDFBBAFF89310F158215E419AB3A0DB74A941CB50
                                        Function 05F64F48 Relevance: .2, Instructions: 249COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1891824639.0000000005F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F60000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_5f60000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 2c51de7ce7cb33e4875fec5fc051d85605fbcb4d03e8518e151ca9dd0952c76f
                                        • Instruction ID: 43f66b62e8730a28dd7d0296e09327a016e821bf232ea15713eb5792e0868e9f
                                        • Opcode Fuzzy Hash: 2c51de7ce7cb33e4875fec5fc051d85605fbcb4d03e8518e151ca9dd0952c76f
                                        • Instruction Fuzzy Hash: CFB16670D1474E8FCB04DFA9C889A9EBFB2FF89310F148229D825BB294DB749905CB54
                                        Function 08F51658 Relevance: .2, Instructions: 221COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1906554337.0000000008F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_8f50000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 6ffa5f45439e5a84387d9a0c46a64f2c80b7d1ded268141a9fb578e4018c29cf
                                        • Instruction ID: c5280acb7cd4f346b2bc1ec44b3a658b0631b589f9aec713ab971f1712836408
                                        • Opcode Fuzzy Hash: 6ffa5f45439e5a84387d9a0c46a64f2c80b7d1ded268141a9fb578e4018c29cf
                                        • Instruction Fuzzy Hash: EC81F371E141198FCB05DBB8D99176EBBBBFB88300F948126D806EB341DA38BD41CB91
                                        Function 0471A321 Relevance: .2, Instructions: 220COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1889371368.0000000004710000.00000040.00000800.00020000.00000000.sdmp, Offset: 04710000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_4710000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 11caa82b7a5413ec311fa271d22fc94f0e9eb033f08010b47457b6a59bd77300
                                        • Instruction ID: a55498c1cd927c4ab49e66841395d6820953c9deedc1acf395993f0a0cfa86bf
                                        • Opcode Fuzzy Hash: 11caa82b7a5413ec311fa271d22fc94f0e9eb033f08010b47457b6a59bd77300
                                        • Instruction Fuzzy Hash: C0918F35E403199FCB15DFA8D8949EDFBBAFF89310F158215E419AB3A0DB34A981CB50
                                        Function 0471C871 Relevance: .2, Instructions: 220COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1889371368.0000000004710000.00000040.00000800.00020000.00000000.sdmp, Offset: 04710000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_4710000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: a2ffb32c76e0161465861a18daa42d2cc2f12c742ec47c365aa1939183a36e38
                                        • Instruction ID: 2f472607dc2ed1ad0115dc82a095a79f4687e35ab0cf1e33999f86861fe715b0
                                        • Opcode Fuzzy Hash: a2ffb32c76e0161465861a18daa42d2cc2f12c742ec47c365aa1939183a36e38
                                        • Instruction Fuzzy Hash: 67917F75E403199FCB05DFA8D8949EDFBBAFF89310F158215E419AB3A0DB34A981CB50
                                        Function 05F65000 Relevance: .2, Instructions: 207COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1891824639.0000000005F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F60000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_5f60000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 59d319dd33931690d06e0931cf6ed122adc760cf87451b98c0bf0359c719b320
                                        • Instruction ID: f7093efd86f37604886a590bf8907d133644d9b3991ea69883891fbbef4c4e48
                                        • Opcode Fuzzy Hash: 59d319dd33931690d06e0931cf6ed122adc760cf87451b98c0bf0359c719b320
                                        • Instruction Fuzzy Hash: EA91C2B5E012099FDB08CFAAC984A9EFBB2FF89310F20912AD815BB354D7749945CF54
                                        Function 05FE54CB Relevance: .2, Instructions: 195COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1891946760.0000000005FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FE0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_5fe0000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: d8176b5705f37038a7296a15432d8036c06f8db5049632c41d8e162dd0813644
                                        • Instruction ID: 44f9e186cb36ee7daf229be308bb22204c0675a32af349f1c2f7ee98b163846d
                                        • Opcode Fuzzy Hash: d8176b5705f37038a7296a15432d8036c06f8db5049632c41d8e162dd0813644
                                        • Instruction Fuzzy Hash: 588114B4E05248DFCB04DFA9D9896ADBBB2BB89304F10942AD416BB354DB385941CF25
                                        Function 05FE5220 Relevance: .2, Instructions: 170COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1891946760.0000000005FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FE0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_5fe0000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: edefbec9b5ca108480dc117e3d88d53d404b2d95e49937cfee1275fd550663dc
                                        • Instruction ID: 7349ac4ef4791cf73205e825388cf260b66b92ef9b5544b2277f5dfeb848e5f7
                                        • Opcode Fuzzy Hash: edefbec9b5ca108480dc117e3d88d53d404b2d95e49937cfee1275fd550663dc
                                        • Instruction Fuzzy Hash: 4571E0B4D06218DFCB14DFA9D9546EEBBF2FB89304F20852AD415BB254DB385902CF54
                                        Function 05FE521B Relevance: .2, Instructions: 161COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1891946760.0000000005FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FE0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_5fe0000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 4e844c6a0e465298cf3e0bef70ce6051e3bc5e98b448e11aa80f40d3e7aa970f
                                        • Instruction ID: 1b143d2e92b107b4b184f801e6c7337c41ec2cae785b2e42a9566a0ba2bffa3d
                                        • Opcode Fuzzy Hash: 4e844c6a0e465298cf3e0bef70ce6051e3bc5e98b448e11aa80f40d3e7aa970f
                                        • Instruction Fuzzy Hash: EA7101B4D02218DFCB14DFA9D5956AEBBF2FB89304F20852AD416BB254DB385A01CF64
                                        Function 05FE1D20 Relevance: .1, Instructions: 149COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1891946760.0000000005FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FE0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_5fe0000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: d25f40e268741c05ec275bdf99a96c58f80295263e75be43bc2441953b8e8766
                                        • Instruction ID: a66b75216c004290230415deca555a244734a44a2d6c24b2b108712a9d341ba7
                                        • Opcode Fuzzy Hash: d25f40e268741c05ec275bdf99a96c58f80295263e75be43bc2441953b8e8766
                                        • Instruction Fuzzy Hash: 535159B4E01209EFCB14DFA6D445AEEBBB6FF89301F00902AE426A7344DB385A41CF54
                                        Function 05FE1D10 Relevance: .1, Instructions: 143COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1891946760.0000000005FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FE0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_5fe0000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 8a2ac260065c147191d4e67840e21c38e636053851bb60c3932f42323eff4e68
                                        • Instruction ID: 7573b5c6903649734b94bf334d3639f9b47021740a5974f80c37919bfeb63325
                                        • Opcode Fuzzy Hash: 8a2ac260065c147191d4e67840e21c38e636053851bb60c3932f42323eff4e68
                                        • Instruction Fuzzy Hash: BD515DB4E01209DFCB14DFA6D445AEEBBB6FF89301F00942AE412A7358DB785901CF54
                                        Function 05F66290 Relevance: .1, Instructions: 72COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1891824639.0000000005F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F60000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_5f60000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 2188340b13ae9ffbcfabd9bc672fcff54a1f4cf07104a7bef3b54bc1f3779115
                                        • Instruction ID: 4cd71f02a990190a812a3506a6a99bf029ed9d3a910f0f0bbef1cdc2c20ba1b7
                                        • Opcode Fuzzy Hash: 2188340b13ae9ffbcfabd9bc672fcff54a1f4cf07104a7bef3b54bc1f3779115
                                        • Instruction Fuzzy Hash: 292102B1E016189BEB18CFABD8457DEBBB3AFC9310F14C12AD808A6254DB390945CF90
                                        Function 05F698E8 Relevance: .1, Instructions: 70COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1891824639.0000000005F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F60000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_5f60000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: bf5e15183ccf84024e2d29c74ad93bbdbb6e3eee478712db9d7ae4ec70f63064
                                        • Instruction ID: 29c2c80e8a7533b8f42752bae0b5e8fba59bdf02319f64a6af782e1728d94385
                                        • Opcode Fuzzy Hash: bf5e15183ccf84024e2d29c74ad93bbdbb6e3eee478712db9d7ae4ec70f63064
                                        • Instruction Fuzzy Hash: 0021E7B1E116189BEB58CF6BDC4179EBBF7AFC9200F04C176C518A7264EB340A468F55
                                        Function 04717EF0 Relevance: 6.2, APIs: 4, Instructions: 168threadCOMMON
                                        Download Yara Rule
                                        APIs
                                        • GetCurrentProcess.KERNEL32 ref: 04717F7E
                                        • GetCurrentThread.KERNEL32 ref: 04717FBB
                                        • GetCurrentProcess.KERNEL32 ref: 04717FF8
                                        • GetCurrentThreadId.KERNEL32 ref: 04718051
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1889371368.0000000004710000.00000040.00000800.00020000.00000000.sdmp, Offset: 04710000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_4710000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID: Current$ProcessThread
                                        • String ID:
                                        • API String ID: 2063062207-0
                                        • Opcode ID: 433006aa052240a3ae5902ba1b801e5ea8509520eacdc21f6dd57d742eee6b50
                                        • Instruction ID: 4e0655c5fdc53fde28cd301d3861f400b525f218bd2cbbfb96266a54a0e7fd3c
                                        • Opcode Fuzzy Hash: 433006aa052240a3ae5902ba1b801e5ea8509520eacdc21f6dd57d742eee6b50
                                        • Instruction Fuzzy Hash: 44718AB19003098FEB15DFA9D588BDEBBF1FF48304F208469E409A7361D734A945CB66
                                        Function 04717F00 Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
                                        Download Yara Rule
                                        APIs
                                        • GetCurrentProcess.KERNEL32 ref: 04717F7E
                                        • GetCurrentThread.KERNEL32 ref: 04717FBB
                                        • GetCurrentProcess.KERNEL32 ref: 04717FF8
                                        • GetCurrentThreadId.KERNEL32 ref: 04718051
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1889371368.0000000004710000.00000040.00000800.00020000.00000000.sdmp, Offset: 04710000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_4710000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID: Current$ProcessThread
                                        • String ID:
                                        • API String ID: 2063062207-0
                                        • Opcode ID: 3ed319327f65c446c9878a10d0bf5ef776c8b35dff70163cf64d0eae7cd8e152
                                        • Instruction ID: 908f3c549c812578c2f6c42d24e463949b73054dcb9f54bf0331acea06554ef7
                                        • Opcode Fuzzy Hash: 3ed319327f65c446c9878a10d0bf5ef776c8b35dff70163cf64d0eae7cd8e152
                                        • Instruction Fuzzy Hash: 9F5178B59003098FEB14CFA9D548BAEBBF1FF48314F20845DE019A7360D734A944CB66
                                        Function 04715C88 Relevance: 1.7, APIs: 1, Instructions: 200COMMON
                                        Download Yara Rule
                                        APIs
                                        • GetModuleHandleW.KERNEL32(00000000), ref: 04715EDE
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1889371368.0000000004710000.00000040.00000800.00020000.00000000.sdmp, Offset: 04710000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_4710000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID: HandleModule
                                        • String ID:
                                        • API String ID: 4139908857-0
                                        • Opcode ID: 6d39e85802560bcf0d20007aa8debdfa68fbe5664b4c63c2e006d4e89839c7e8
                                        • Instruction ID: 84d247a914a90614e3b12e103d6209e2a6c89de7fa0bddc7e0f17f49f112aa4d
                                        • Opcode Fuzzy Hash: 6d39e85802560bcf0d20007aa8debdfa68fbe5664b4c63c2e006d4e89839c7e8
                                        • Instruction Fuzzy Hash: C4712470A00B059FDB28DF29D08475ABBF5FF88304F008A29D48A9BB50D775F9498B91
                                        Function 05FE4C7F Relevance: 1.7, APIs: 1, Instructions: 165processCOMMON
                                        Download Yara Rule
                                        APIs
                                        • CreateProcessAsUserW.KERNEL32(?,?,?,0000000A,?,?,?,?,?,?,?), ref: 05FE4DF3
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1891946760.0000000005FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FE0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_5fe0000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID: CreateProcessUser
                                        • String ID:
                                        • API String ID: 2217836671-0
                                        • Opcode ID: 6ace43d9d189f83c6c41be1b47f4ffa8ff08d59e27ffa3adbd81a3119c990a75
                                        • Instruction ID: 6204943cda45172749e94fdfcd07a98b3b2f13acb202b46bc807df85e20a08d9
                                        • Opcode Fuzzy Hash: 6ace43d9d189f83c6c41be1b47f4ffa8ff08d59e27ffa3adbd81a3119c990a75
                                        • Instruction Fuzzy Hash: 8B5104B1D0026A9FDF24CF99C844BDDBBB5BF48310F0480AAE919B7254DB759A85CF90
                                        Function 0471C564 Relevance: 1.6, APIs: 1, Instructions: 119COMMON
                                        Download Yara Rule
                                        APIs
                                        • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0471C682
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1889371368.0000000004710000.00000040.00000800.00020000.00000000.sdmp, Offset: 04710000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_4710000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID: CreateWindow
                                        • String ID:
                                        • API String ID: 716092398-0
                                        • Opcode ID: 77611010a1b95a8dc2ee28085a573c4051750d37568b95743260a128086a8bda
                                        • Instruction ID: 3646bb5f1d950192d87c736a0b18b9b9b1010e81ce163329e226f5e2f1ab68b3
                                        • Opcode Fuzzy Hash: 77611010a1b95a8dc2ee28085a573c4051750d37568b95743260a128086a8bda
                                        • Instruction Fuzzy Hash: F251D2B1D103499FDF15CF99C984ADEBBB5BF48300F64812AE819AB210D770A985CF95
                                        Function 0471C570 Relevance: 1.6, APIs: 1, Instructions: 113COMMON
                                        Download Yara Rule
                                        APIs
                                        • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0471C682
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1889371368.0000000004710000.00000040.00000800.00020000.00000000.sdmp, Offset: 04710000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_4710000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID: CreateWindow
                                        • String ID:
                                        • API String ID: 716092398-0
                                        • Opcode ID: e07d61e7f5978524a110a59c4b503805c71e8d37953c45e0c9143d44bbe5f721
                                        • Instruction ID: 0716f33d0c479717ec91d7b7231e0f36e19e74127789c643331402862200cda0
                                        • Opcode Fuzzy Hash: e07d61e7f5978524a110a59c4b503805c71e8d37953c45e0c9143d44bbe5f721
                                        • Instruction Fuzzy Hash: 9E41D0B1D003489FDB15CF9AC884ADEFBB5BF48300F64812AE819AB210D770A845CF90
                                        Function 05F64239 Relevance: 1.6, APIs: 1, Instructions: 109memoryCOMMON
                                        Download Yara Rule
                                        APIs
                                        • VirtualProtect.KERNEL32(?,?,?,?), ref: 05F6438B
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1891824639.0000000005F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F60000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_5f60000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID: ProtectVirtual
                                        • String ID:
                                        • API String ID: 544645111-0
                                        • Opcode ID: 86818e5dfa0ec6986718674361e4e5c904f8edf6eb70b9ebd83e557dde783fc9
                                        • Instruction ID: 1dd33fbd0021587d40807494522e80c55a951c8db19d5b35a376be4d0ce015d7
                                        • Opcode Fuzzy Hash: 86818e5dfa0ec6986718674361e4e5c904f8edf6eb70b9ebd83e557dde783fc9
                                        • Instruction Fuzzy Hash: 2A41C6768183CE8ACB12CB69D88978ABFF1AF06224F484659DCB4932D2D73C9145CB51
                                        Function 0A6E7739 Relevance: 1.6, APIs: 1, Instructions: 105COMMON
                                        Download Yara Rule
                                        APIs
                                        • GetSystemMetrics.USER32(00000006), ref: 0A6E76F8
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1913250537.000000000A6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A6E0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_a6e0000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID: MetricsSystem
                                        • String ID:
                                        • API String ID: 4116985748-0
                                        • Opcode ID: 7254795559910651f88c034be206f5231c497ed0415e6e0e5956df37c366c53d
                                        • Instruction ID: 70aeeaa60fb678ad77842860431a584c4432436e6b3d18ddc51e9b9dcc887e28
                                        • Opcode Fuzzy Hash: 7254795559910651f88c034be206f5231c497ed0415e6e0e5956df37c366c53d
                                        • Instruction Fuzzy Hash: 6D415675B017008FDB35CF68D58676ABBF1FB44210F144A29E0AACB740C774E849CB91
                                        Function 0471C0D0 Relevance: 1.6, APIs: 1, Instructions: 101COMMON
                                        Download Yara Rule
                                        APIs
                                        • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0471C682
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1889371368.0000000004710000.00000040.00000800.00020000.00000000.sdmp, Offset: 04710000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_4710000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID: CreateWindow
                                        • String ID:
                                        • API String ID: 716092398-0
                                        • Opcode ID: 1dab5ca4afc066634593bad7f88e0ad8cd835efe8869ad192fd161d83d3dacea
                                        • Instruction ID: 1a811d264a5a5699ea06c631a48889290b22b93a7dfbab749a9037e4536e580a
                                        • Opcode Fuzzy Hash: 1dab5ca4afc066634593bad7f88e0ad8cd835efe8869ad192fd161d83d3dacea
                                        • Instruction Fuzzy Hash: 784102B1D003499FDF16CFD9C884ADEBBB1BF89300F24911AE815AB261D771A845CF94
                                        Function 0471A3C4 Relevance: 1.6, APIs: 1, Instructions: 97COMMON
                                        Download Yara Rule
                                        APIs
                                        • CallWindowProcW.USER32(?,?,?,?,?), ref: 0471ED81
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1889371368.0000000004710000.00000040.00000800.00020000.00000000.sdmp, Offset: 04710000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_4710000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID: CallProcWindow
                                        • String ID:
                                        • API String ID: 2714655100-0
                                        • Opcode ID: 37084f43979c2d21e56700b420d2124979726fe97a9f4733384d51fa6333be98
                                        • Instruction ID: 09e72cc527100bdfcd1b18591fb7ae978bbd63aabcb92abc0e503474eee155d4
                                        • Opcode Fuzzy Hash: 37084f43979c2d21e56700b420d2124979726fe97a9f4733384d51fa6333be98
                                        • Instruction Fuzzy Hash: 834119B5A00305CFDB14CF99C448BAABBF5FB88314F24C459D959AB321D774A841CFA5
                                        Function 05FE7168 Relevance: 1.6, APIs: 1, Instructions: 71injectionCOMMON
                                        Download Yara Rule
                                        APIs
                                        • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 05FE7200
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1891946760.0000000005FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FE0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_5fe0000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID: MemoryProcessWrite
                                        • String ID:
                                        • API String ID: 3559483778-0
                                        • Opcode ID: 9730c22852285563aea7fb331d8ebc6d1459f377b4c2f54a7eb93dd528e8c5fa
                                        • Instruction ID: f6e1c49b2781eb6ea6b4aa8393c03bd985c5742fb766cd3945fc65eba4d20418
                                        • Opcode Fuzzy Hash: 9730c22852285563aea7fb331d8ebc6d1459f377b4c2f54a7eb93dd528e8c5fa
                                        • Instruction Fuzzy Hash: E32157B5D003499FDB10DFAAC881BDEBBF5FF48310F10842AE959A7240C7789945CBA0
                                        Function 05FE7170 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                                        Download Yara Rule
                                        APIs
                                        • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 05FE7200
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1891946760.0000000005FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FE0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_5fe0000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID: MemoryProcessWrite
                                        • String ID:
                                        • API String ID: 3559483778-0
                                        • Opcode ID: fe4b8298274bc1423d0f923f8ae58cbcbf4991133a2a513660a1d939132760c2
                                        • Instruction ID: e5eab304606284b6e3f79c5c51438479848fe48e25b50d84bbba4452ab40a5bf
                                        • Opcode Fuzzy Hash: fe4b8298274bc1423d0f923f8ae58cbcbf4991133a2a513660a1d939132760c2
                                        • Instruction Fuzzy Hash: 64212775D003599FDB10DFAAC881BDEBBF5FF48310F14842AE959A7241C7789944CBA1
                                        Function 05FE6738 Relevance: 1.6, APIs: 1, Instructions: 65threadCOMMON
                                        Download Yara Rule
                                        APIs
                                        • Wow64GetThreadContext.KERNEL32(?,00000000), ref: 05FE67BE
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1891946760.0000000005FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FE0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_5fe0000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID: ContextThreadWow64
                                        • String ID:
                                        • API String ID: 983334009-0
                                        • Opcode ID: bcf0968e4fa2aff97a78e838ece6632960427d344f4d734dd12fa42bf52cf4f1
                                        • Instruction ID: 268c5df6d1e8d3c91bbe905e39bc780aef219508d887ffceada4aeaae7a02ad4
                                        • Opcode Fuzzy Hash: bcf0968e4fa2aff97a78e838ece6632960427d344f4d734dd12fa42bf52cf4f1
                                        • Instruction Fuzzy Hash: 8C216875D003098FDB10DFAAC4857EEBBF1BF48220F14882AD459A7641DB789985CFA1
                                        Function 04718548 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                        Download Yara Rule
                                        APIs
                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 047185D7
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1889371368.0000000004710000.00000040.00000800.00020000.00000000.sdmp, Offset: 04710000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_4710000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID: DuplicateHandle
                                        • String ID:
                                        • API String ID: 3793708945-0
                                        • Opcode ID: 097277733892cb2a8c38c53bda8e503aedf0faaf26b17b1c5ced2ea8fb723162
                                        • Instruction ID: 97ef5272ff4f26e3a68b844a1c721eeeead13a16d391d12e9c788a449639aa17
                                        • Opcode Fuzzy Hash: 097277733892cb2a8c38c53bda8e503aedf0faaf26b17b1c5ced2ea8fb723162
                                        • Instruction Fuzzy Hash: EC21E3B59002589FDB10CFAAD884ADEFBF5EB48310F14841AE955A3310D374A944CFA5
                                        Function 0A6E3CA0 Relevance: 1.6, APIs: 1, Instructions: 64COMMON
                                        Download Yara Rule
                                        APIs
                                        • MonitorFromPoint.USER32(?,?,00000002), ref: 0A6E3D1F
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1913250537.000000000A6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A6E0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_a6e0000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID: FromMonitorPoint
                                        • String ID:
                                        • API String ID: 1566494148-0
                                        • Opcode ID: d5f2b0b6d073362693818581ee7ed109d7a5b5385d9d861650c790ba38b91175
                                        • Instruction ID: 19aa70cacfac99b1cb7769a87868484ffec5797d9e5a53ce0b7421597a56a47e
                                        • Opcode Fuzzy Hash: d5f2b0b6d073362693818581ee7ed109d7a5b5385d9d861650c790ba38b91175
                                        • Instruction Fuzzy Hash: 1C215C75A002089FDB10DF99D405BEEFBF5FB89310F14801AE955AB380C734A945CFA2
                                        Function 05FE6740 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                                        Download Yara Rule
                                        APIs
                                        • Wow64GetThreadContext.KERNEL32(?,00000000), ref: 05FE67BE
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1891946760.0000000005FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FE0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_5fe0000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID: ContextThreadWow64
                                        • String ID:
                                        • API String ID: 983334009-0
                                        • Opcode ID: a55843499ad619ba7806a4d70c62f659e42ece6ac1bb895822f4fa4d2851a56e
                                        • Instruction ID: b87e0de1be3d66ea68fb3fac225d56c3ab8e999f7831f242324cddd2a7a93ed0
                                        • Opcode Fuzzy Hash: a55843499ad619ba7806a4d70c62f659e42ece6ac1bb895822f4fa4d2851a56e
                                        • Instruction Fuzzy Hash: 8B213875D003098FDB10DFAAC4857EEBBF5FF48224F14842AD459A7240CB78A945CFA1
                                        Function 05FE7660 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                        Download Yara Rule
                                        APIs
                                        • VirtualProtectEx.KERNEL32(?,?,?,?,?), ref: 05FE76DF
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1891946760.0000000005FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FE0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_5fe0000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID: ProtectVirtual
                                        • String ID:
                                        • API String ID: 544645111-0
                                        • Opcode ID: 8313c1cd61dc184d4b66a6f8eff6dec8e1ec22a56436678c85fd90fdf09fd711
                                        • Instruction ID: 6ef82fea55c504013477fc63aef74335cad5ca00aabe0a4cee2623aff455b6bd
                                        • Opcode Fuzzy Hash: 8313c1cd61dc184d4b66a6f8eff6dec8e1ec22a56436678c85fd90fdf09fd711
                                        • Instruction Fuzzy Hash: B2212571D003499FDB24DFAAC841BEEBBF5FF48324F148429D969A7241C7789A41CBA1
                                        Function 04718550 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                        Download Yara Rule
                                        APIs
                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 047185D7
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1889371368.0000000004710000.00000040.00000800.00020000.00000000.sdmp, Offset: 04710000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_4710000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID: DuplicateHandle
                                        • String ID:
                                        • API String ID: 3793708945-0
                                        • Opcode ID: 64018c752e54f1b2c460598f3b5f15b89d6d6060211272281b65f0859e251cd1
                                        • Instruction ID: 17bf4d7a992a36daccb7d69774ea8dbebe04878512b3e838b50efdff21e5595e
                                        • Opcode Fuzzy Hash: 64018c752e54f1b2c460598f3b5f15b89d6d6060211272281b65f0859e251cd1
                                        • Instruction Fuzzy Hash: C821E2B59003089FDB10CFAAD884ADEFBF9FB48310F14801AE918A3310C374A940CFA5
                                        Function 05FE7668 Relevance: 1.6, APIs: 1, Instructions: 60COMMON
                                        Download Yara Rule
                                        APIs
                                        • VirtualProtectEx.KERNEL32(?,?,?,?,?), ref: 05FE76DF
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1891946760.0000000005FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FE0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_5fe0000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID: ProtectVirtual
                                        • String ID:
                                        • API String ID: 544645111-0
                                        • Opcode ID: f191852d5102f9761e922f7be18bb380bc507aaa8cc5b64a3e1273aa84ea31e7
                                        • Instruction ID: 2582fe39d1c774d3623fdeacec51d27ab6928d18afefcf40766ee48170ea2190
                                        • Opcode Fuzzy Hash: f191852d5102f9761e922f7be18bb380bc507aaa8cc5b64a3e1273aa84ea31e7
                                        • Instruction Fuzzy Hash: C6212571C003498FDB14DFAAC440BEEBBF5FF48324F148429D819A7240C7789941CBA1
                                        Function 05FE6E08 Relevance: 1.6, APIs: 1, Instructions: 56memoryCOMMON
                                        Download Yara Rule
                                        APIs
                                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 05FE6E7E
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1891946760.0000000005FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FE0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_5fe0000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID: AllocVirtual
                                        • String ID:
                                        • API String ID: 4275171209-0
                                        • Opcode ID: e01bab854433576d4456056155f52577b067cde015f79fefaef014df5f060017
                                        • Instruction ID: 5768f1dbb10b81f3a336a697ad4d3143d04c157e8c5bb4d8d370320618137292
                                        • Opcode Fuzzy Hash: e01bab854433576d4456056155f52577b067cde015f79fefaef014df5f060017
                                        • Instruction Fuzzy Hash: 531189728003498FCB20DFAAC841BDFBBF5EF48320F148419E955A7250C779A941CBA0
                                        Function 0A6E3C9F Relevance: 1.6, APIs: 1, Instructions: 56COMMON
                                        Download Yara Rule
                                        APIs
                                        • MonitorFromPoint.USER32(?,?,00000002), ref: 0A6E3D1F
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1913250537.000000000A6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A6E0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_a6e0000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID: FromMonitorPoint
                                        • String ID:
                                        • API String ID: 1566494148-0
                                        • Opcode ID: 7e459f351838e982ca5f4671800421735f8c6dace022971e6a26a3da85535afc
                                        • Instruction ID: c5a13b496dc9d8a97c1664fe8fa067f5b55d77cd8bec9e58cba357cef87d86c0
                                        • Opcode Fuzzy Hash: 7e459f351838e982ca5f4671800421735f8c6dace022971e6a26a3da85535afc
                                        • Instruction Fuzzy Hash: 41214AB59002499FDB20DF95D545BEEBBF5FB49310F10801AE965BB380C734AA45CFA1
                                        Function 0ACD4148 Relevance: 1.6, APIs: 1, Instructions: 56fileCOMMON
                                        Download Yara Rule
                                        APIs
                                        • DeleteFileW.KERNEL32(00000000), ref: 0ACD41B8
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1913579672.000000000ACD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0ACD0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_acd0000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID: DeleteFile
                                        • String ID:
                                        • API String ID: 4033686569-0
                                        • Opcode ID: a6cdd20d1ed9bcfc70c9f4c6e4d72b91fc3b8a636d88c4a0ce8f707f39435be0
                                        • Instruction ID: a6f2b86447a92694e4f24c4f2dc3fe7e1b1c37d5fb5ac1bf330ebbc828a1b938
                                        • Opcode Fuzzy Hash: a6cdd20d1ed9bcfc70c9f4c6e4d72b91fc3b8a636d88c4a0ce8f707f39435be0
                                        • Instruction Fuzzy Hash: 291136B5C0065A9BCB14CF9AC5447EEFBF4FF48320F15812AD918A7250D378AA45CFA5
                                        Function 05F6CB40 Relevance: 1.6, APIs: 1, Instructions: 55memoryCOMMON
                                        Download Yara Rule
                                        APIs
                                        • VirtualProtect.KERNEL32(?,?,?,?), ref: 05F6CBB3
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1891824639.0000000005F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F60000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_5f60000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID: ProtectVirtual
                                        • String ID:
                                        • API String ID: 544645111-0
                                        • Opcode ID: 2cc8b380175f3aa5ebf46da80b7423f7d95bfca59e188c6a3a81d7449b675be5
                                        • Instruction ID: a2b71e8752ac06765ab987c1404253b5438ce903b189d9e4f05382e2d1feab17
                                        • Opcode Fuzzy Hash: 2cc8b380175f3aa5ebf46da80b7423f7d95bfca59e188c6a3a81d7449b675be5
                                        • Instruction Fuzzy Hash: 6B2117B5D002499FDB10CF9AC484BDEFBF4FB48310F10802AE958A7250D378A944CFA5
                                        Function 05F64318 Relevance: 1.6, APIs: 1, Instructions: 55memoryCOMMON
                                        Download Yara Rule
                                        APIs
                                        • VirtualProtect.KERNEL32(?,?,?,?), ref: 05F6438B
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1891824639.0000000005F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F60000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_5f60000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID: ProtectVirtual
                                        • String ID:
                                        • API String ID: 544645111-0
                                        • Opcode ID: 3532fd1b6ca2ff84e7a7ac2c6c90a0f02bd5adb997285278d103191802491961
                                        • Instruction ID: b5b59438d6d0d952d02c325be4898db3f4c6037a163739c3408b8a382c64b892
                                        • Opcode Fuzzy Hash: 3532fd1b6ca2ff84e7a7ac2c6c90a0f02bd5adb997285278d103191802491961
                                        • Instruction Fuzzy Hash: 6D2114B5D002499FCB10DF9AC485BDEFBF4FB48320F10802AE868A7250D378A644CFA1
                                        Function 07B76DA8 Relevance: 1.6, APIs: 1, Instructions: 54memoryCOMMON
                                        Download Yara Rule
                                        APIs
                                        • VirtualProtect.KERNEL32(?,?,00000040,?), ref: 07B76E23
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1901442329.0000000007B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7b70000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID: ProtectVirtual
                                        • String ID:
                                        • API String ID: 544645111-0
                                        • Opcode ID: 496c00f5e55f2b230be40008f3412e230ab5e7c766e3b2cab8531939a44a3880
                                        • Instruction ID: f1886a3ec1edeac17ec7c489b16030787a93080f783b63e77e97af8dc1189667
                                        • Opcode Fuzzy Hash: 496c00f5e55f2b230be40008f3412e230ab5e7c766e3b2cab8531939a44a3880
                                        • Instruction Fuzzy Hash: 8111D3B5D006499FCB20DF9AD485BDEFBF4FB48314F10842AE868A7210C375A645CFA5
                                        Function 07B71F4C Relevance: 1.6, APIs: 1, Instructions: 54memoryCOMMON
                                        Download Yara Rule
                                        APIs
                                        • VirtualProtect.KERNEL32(?,?,00000040,?), ref: 07B76E23
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1901442329.0000000007B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7b70000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID: ProtectVirtual
                                        • String ID:
                                        • API String ID: 544645111-0
                                        • Opcode ID: f48396a56b4c529c47303a709bccd7a4c95dbec7badff59c79e2943dd23d09cf
                                        • Instruction ID: c83e2be4ceffa3212b2aa7fd96ba4264dce049359b7ca20739246f17fefd6c6c
                                        • Opcode Fuzzy Hash: f48396a56b4c529c47303a709bccd7a4c95dbec7badff59c79e2943dd23d09cf
                                        • Instruction Fuzzy Hash: 4B2112B5D006499FCB20DF9AD484BDEFBF4FB48314F10842AE968A7200C375AA44CFA5
                                        Function 05FE6E10 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                                        Download Yara Rule
                                        APIs
                                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 05FE6E7E
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1891946760.0000000005FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FE0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_5fe0000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID: AllocVirtual
                                        • String ID:
                                        • API String ID: 4275171209-0
                                        • Opcode ID: 55f8eaa4ddc01ff0c528ce012c596418872fd3fb61aad3010aea1182054e37ed
                                        • Instruction ID: 9d7d45bfb584fbcceef1d773b8389089773a0df8085e60fa67004e964afb876e
                                        • Opcode Fuzzy Hash: 55f8eaa4ddc01ff0c528ce012c596418872fd3fb61aad3010aea1182054e37ed
                                        • Instruction Fuzzy Hash: 3C1129769003499FDB20DFAAD844BDFBBF5EF48310F148419D515A7250C779A940CBA5
                                        Function 05FE7988 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
                                        Download Yara Rule
                                        APIs
                                        • PostMessageW.USER32(?,00000010,00000000,?), ref: 05FE9CD5
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1891946760.0000000005FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FE0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_5fe0000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID: MessagePost
                                        • String ID:
                                        • API String ID: 410705778-0
                                        • Opcode ID: e66aca4dc2d98d8ca48ce9de7c1d56d13049ae583c7985529c1f5a879e552ebe
                                        • Instruction ID: df83b2bc3d4214444e6cf37a6f1c376d1acbd309d6100bb614f78276764452cb
                                        • Opcode Fuzzy Hash: e66aca4dc2d98d8ca48ce9de7c1d56d13049ae583c7985529c1f5a879e552ebe
                                        • Instruction Fuzzy Hash: A311F5B59043499FDB10DF9AC545BEEBBF8FB48314F10841AE959B7200C375A944CFA5
                                        Function 04715E78 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                        Download Yara Rule
                                        APIs
                                        • GetModuleHandleW.KERNEL32(00000000), ref: 04715EDE
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1889371368.0000000004710000.00000040.00000800.00020000.00000000.sdmp, Offset: 04710000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_4710000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID: HandleModule
                                        • String ID:
                                        • API String ID: 4139908857-0
                                        • Opcode ID: 52576dba0ff3bd187c34ff10de52099338987715b34b0bbda3624efa218ece9d
                                        • Instruction ID: 79b25ffa627d977e8c935fb1498428861bde2fc5e803780defba825a00e82117
                                        • Opcode Fuzzy Hash: 52576dba0ff3bd187c34ff10de52099338987715b34b0bbda3624efa218ece9d
                                        • Instruction Fuzzy Hash: EE11FDB6C002498BDB24CFAAC444ADEFBF5AB88214F14842AD828AB210C375A545CFA1
                                        Function 05FE9C70 Relevance: 1.5, APIs: 1, Instructions: 46windowCOMMON
                                        Download Yara Rule
                                        APIs
                                        • PostMessageW.USER32(?,00000010,00000000,?), ref: 05FE9CD5
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1891946760.0000000005FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FE0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_5fe0000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID: MessagePost
                                        • String ID:
                                        • API String ID: 410705778-0
                                        • Opcode ID: 231f744f912e463d32b66d6124add17a4df376317370a2de373f254f01d08aac
                                        • Instruction ID: c54ad43816cd974efddfd751b3bcf723787601e9aa0062cae47ad05feba93cc5
                                        • Opcode Fuzzy Hash: 231f744f912e463d32b66d6124add17a4df376317370a2de373f254f01d08aac
                                        • Instruction Fuzzy Hash: C611F2B58003499FDB10DF9AD945BDEFBF8FB48314F10841AE959A7200C379A944CFA5
                                        Function 0A6E3C91 Relevance: 1.5, APIs: 1, Instructions: 30COMMON
                                        Download Yara Rule
                                        APIs
                                        • MonitorFromPoint.USER32(?,?,00000002), ref: 0A6E3D1F
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1913250537.000000000A6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A6E0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_a6e0000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID: FromMonitorPoint
                                        • String ID:
                                        • API String ID: 1566494148-0
                                        • Opcode ID: c93603f596fb439dbfeb2bb192fcc9c9c4ee2958a39ab3dfcfecdab7ba1295ff
                                        • Instruction ID: efba3a3238512391daed8806949e7a094e5133da3c2e96d3c6dfb60a04142d94
                                        • Opcode Fuzzy Hash: c93603f596fb439dbfeb2bb192fcc9c9c4ee2958a39ab3dfcfecdab7ba1295ff
                                        • Instruction Fuzzy Hash: 2FF0E23A9067419FD721CB54E8183FFBBB0EB00321F268097D251EB291C2388C49CF62
                                        Function 05E9AC68 Relevance: 1.4, Strings: 1, Instructions: 111COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1891386095.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_5e90000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: th)
                                        • API String ID: 0-3975476278
                                        • Opcode ID: 99f144878fffdfc3d1417f5ca34c6b3b0a2c5080526a07523c024e6be8cb3f30
                                        • Instruction ID: e04ff74ff83642ee6a0369159cf999ad7d41a310a298f38d84b837c335c45e2a
                                        • Opcode Fuzzy Hash: 99f144878fffdfc3d1417f5ca34c6b3b0a2c5080526a07523c024e6be8cb3f30
                                        • Instruction Fuzzy Hash: 084117B0D003589FDF18CFA9C884BDEBBB2BF88319F148529E859AB250D7749941CF95
                                        Function 0256ADE9 Relevance: .7, Instructions: 678COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1868877289.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_2560000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 4a0ae38ea5561340ecf077345c40ca9b33de719e34fa1009140ae5758437edea
                                        • Instruction ID: 4950244d4e68e79bae10634ed1bee246ea46d0b3473e18334ca04cb20139633c
                                        • Opcode Fuzzy Hash: 4a0ae38ea5561340ecf077345c40ca9b33de719e34fa1009140ae5758437edea
                                        • Instruction Fuzzy Hash: 6E329D757102118FDB259F28C898B3D7BA6FF84309F1944A9E502EB3A2DB35DC81CB59
                                        Function 02568A6F Relevance: .6, Instructions: 565COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1868877289.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_2560000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 3d072bd2705a4988d733176b106722727ee5f707fbc051cef1dae9cf96274809
                                        • Instruction ID: 88b0c4ca0018afec2ae550240ff86127252370dcb652cfe8d0dcadbcb36f95c6
                                        • Opcode Fuzzy Hash: 3d072bd2705a4988d733176b106722727ee5f707fbc051cef1dae9cf96274809
                                        • Instruction Fuzzy Hash: 07420D74A0031CCFFB159BA0C960B9EBA73FF84340F1081A9D50A6B794EE75AE859F51
                                        Function 025680D8 Relevance: .5, Instructions: 469COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1868877289.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_2560000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 81b986599c100eb6a837d201be9f6b1019efed230cbf7069ecdef7500ae5e6c9
                                        • Instruction ID: 8da68bd26431a2bfc7391fdf9f4cf5f9a33d108fd911c98694ad29fe7c181675
                                        • Opcode Fuzzy Hash: 81b986599c100eb6a837d201be9f6b1019efed230cbf7069ecdef7500ae5e6c9
                                        • Instruction Fuzzy Hash: AE125A70A002499FCB24CF68D988AAEBBF2FF89314F148559E455AB361DB30ED45CF54
                                        Function 0256A7F8 Relevance: .3, Instructions: 315COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1868877289.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_2560000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 26423c1c301cd58c5deaeaad02fff8cc1ffd0b99c51e187394f74e1f782da2b2
                                        • Instruction ID: 45874c149b447f62dcea2301cf49bd9185fd6a0217f61548de8de4a892660e6a
                                        • Opcode Fuzzy Hash: 26423c1c301cd58c5deaeaad02fff8cc1ffd0b99c51e187394f74e1f782da2b2
                                        • Instruction Fuzzy Hash: 10D11C75A00615CFDB04CFA9D588AADBBF2FF88314B1A846AE405BB361CB35EC41CB54
                                        Function 02566780 Relevance: .3, Instructions: 285COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1868877289.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_2560000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e220561a6925915f0077c1b3ce992079654d2d65c87de5be82d9333ecdf8466a
                                        • Instruction ID: 7a39695bae1613d844f28a2f22e8f14bd245487aa9a2aa6afc37a91af864d981
                                        • Opcode Fuzzy Hash: e220561a6925915f0077c1b3ce992079654d2d65c87de5be82d9333ecdf8466a
                                        • Instruction Fuzzy Hash: 4AA1DF34B00215DFEB15AF64C858B7E7BAAFB88351F148428E906DB291CB78DD41CBA4
                                        Function 0AC79408 Relevance: .3, Instructions: 264COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1913464844.000000000AC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_ac70000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 4c5c20aad9d9b59dc92fbabf05e6d562f99a0dfd032c45f2828869650f36c268
                                        • Instruction ID: c6d1181652073d79ffc0570394295b292bbf3184e95bdd767acf62f07aadd861
                                        • Opcode Fuzzy Hash: 4c5c20aad9d9b59dc92fbabf05e6d562f99a0dfd032c45f2828869650f36c268
                                        • Instruction Fuzzy Hash: DFC1E475910619DFDB10EF68C844A9DFBB1FF49304F05C299E949BB215EB30AA89CF90
                                        Function 0AC7B928 Relevance: .2, Instructions: 233COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1913464844.000000000AC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_ac70000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: eae3bd74381d7da1f018b9b8804e34bb558d03c5b1959afeda46c41e96803704
                                        • Instruction ID: d51754c48495edc02d1c1679d6dab19d4231ced4444b3f00d5035c5431e4a97c
                                        • Opcode Fuzzy Hash: eae3bd74381d7da1f018b9b8804e34bb558d03c5b1959afeda46c41e96803704
                                        • Instruction Fuzzy Hash: BB816C71A582048FD304BBBDD59922EBFE6BBC8300F81896DE485D7350EE389C19D796
                                        Function 02566E80 Relevance: .2, Instructions: 231COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1868877289.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_2560000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 421094c164ee8bdaba409313998904c9e64fd8ad0c85a07e0934e8f37fdc48c7
                                        • Instruction ID: 4b1afb748d26d19461d1d322b2c57412525a54d40cdf63af46e4b6160f318e50
                                        • Opcode Fuzzy Hash: 421094c164ee8bdaba409313998904c9e64fd8ad0c85a07e0934e8f37fdc48c7
                                        • Instruction Fuzzy Hash: 54817C34A005058FCB14CF69C988A7AFBB6FF8C328B158169D405EB365DB36E841CFA5
                                        Function 0AC78384 Relevance: .2, Instructions: 228COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1913464844.000000000AC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_ac70000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 8a2fa36135dae9dfa8b59ab8b86ccb6c5348e1ac91385da6366bc82cd9b3c535
                                        • Instruction ID: 8379f5e2139e098c85faf5f1e9fc6a5ecfa77e807d15da6ce1fca04e51aaf8aa
                                        • Opcode Fuzzy Hash: 8a2fa36135dae9dfa8b59ab8b86ccb6c5348e1ac91385da6366bc82cd9b3c535
                                        • Instruction Fuzzy Hash: 2091E076E00209DFCF11CFA9D8846DEBBB5FF88310F25852AE919AB254E730A955CF50
                                        Function 0256B9C8 Relevance: .2, Instructions: 227COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1868877289.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_2560000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 573f4dd4a4c7ecd3da9dae940c99c5e7306c0308f4cbda2ca47a951349f5ccd3
                                        • Instruction ID: 4a12cbb537da1d5acfea59304c5919f2ea29251f811872015a9f6c17b1646f20
                                        • Opcode Fuzzy Hash: 573f4dd4a4c7ecd3da9dae940c99c5e7306c0308f4cbda2ca47a951349f5ccd3
                                        • Instruction Fuzzy Hash: 8081BE746002068FDB01CF68C888BBEBBB6FF49314F5584A6E954EB355D732E902CB65
                                        Function 025686B8 Relevance: .2, Instructions: 201COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1868877289.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_2560000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 82a60d8728973c202af24255899fa62cc2ade1250c2f6af2933fcda5986589ab
                                        • Instruction ID: 3da66687968e5dc34a21c392b895b15107a4fc8e1d2e1a218eecd59d7fd9bfc9
                                        • Opcode Fuzzy Hash: 82a60d8728973c202af24255899fa62cc2ade1250c2f6af2933fcda5986589ab
                                        • Instruction Fuzzy Hash: 7C7114387002058FDB15DF28C88CA7E7BE6BF89254B1904A9E906CB3A1DB75DC45CB95
                                        Function 02566A88 Relevance: .2, Instructions: 201COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1868877289.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_2560000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 8409a464b2749f0378e78a05f5d407cfff0f1b341b2db1aa61e5127ff4641f41
                                        • Instruction ID: 4cd381155374e98ebe8be0f79dcce60b775df7d27d761c5e344c063ce815838f
                                        • Opcode Fuzzy Hash: 8409a464b2749f0378e78a05f5d407cfff0f1b341b2db1aa61e5127ff4641f41
                                        • Instruction Fuzzy Hash: 5761DD70300611CFEB259B39C85873A7AABFB88355F148929E546CB3A1DF78CC81C799
                                        Function 0AC77978 Relevance: .2, Instructions: 180COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1913464844.000000000AC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_ac70000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 0fc31ce9dd11a7eac5bbfcea1dd4fc86e5d88cca9c1cf798de34ac2b0aef1e43
                                        • Instruction ID: 453ede1f27d600c9cdadfee4d81edbdabb14e03c860690b1b649270984e3f6c9
                                        • Opcode Fuzzy Hash: 0fc31ce9dd11a7eac5bbfcea1dd4fc86e5d88cca9c1cf798de34ac2b0aef1e43
                                        • Instruction Fuzzy Hash: 6481D434A00248CFDB19DFA8C594A9CBBB2FF49304F1685A9D809AF366DB75E945CF40
                                        Function 0AC77952 Relevance: .2, Instructions: 173COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1913464844.000000000AC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_ac70000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 27ff34510c24420e5b38f8226533ab97bc140d93d8c765b29c56f170dd93a1fd
                                        • Instruction ID: a0a494c010f697c060f901cb78a3030df7af90b283769bcd66507121b17d8ceb
                                        • Opcode Fuzzy Hash: 27ff34510c24420e5b38f8226533ab97bc140d93d8c765b29c56f170dd93a1fd
                                        • Instruction Fuzzy Hash: ED81E534A00348CFDB19DFA8C594A9CBBB2FF45304F1685A9D805AF36ADB75E949CB40
                                        Function 0AC7C8F8 Relevance: .2, Instructions: 167COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1913464844.000000000AC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_ac70000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 8dddd3635852aea39cf38c3aee89cf0a93c0f6a4385eef8c6a1d0c087ae11799
                                        • Instruction ID: b6d75f46fd5ed3cc0abd72aa8fd4aaf8305619cd6a121aeef2f67dd3ec70c578
                                        • Opcode Fuzzy Hash: 8dddd3635852aea39cf38c3aee89cf0a93c0f6a4385eef8c6a1d0c087ae11799
                                        • Instruction Fuzzy Hash: 9B512876704210AFDB25EB28C0503BDB7A2FFC5340B1A85AAD4499B792CF34AD46CB91
                                        Function 0256F048 Relevance: .2, Instructions: 161COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1868877289.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_2560000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 4b2f2d50e5035c38625d9f699cc49bf899162dd859e8b35c87b253be24d064c2
                                        • Instruction ID: 6c5d638df10374114c6280b446aed11d331c0370e570d16782a052b8b40d92bf
                                        • Opcode Fuzzy Hash: 4b2f2d50e5035c38625d9f699cc49bf899162dd859e8b35c87b253be24d064c2
                                        • Instruction Fuzzy Hash: B451C171E042489FCB01DFA898646EFBFF6BF8A210F1481A6D445A7252DB309D42CBA5
                                        Function 0256D280 Relevance: .2, Instructions: 150COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1868877289.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_2560000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: f255d1f3b872e0b929f45014cbd2a49708854f7cea85a380450fc457d29d5da5
                                        • Instruction ID: 943f27e2460149c3e9fa6c9b42b1b447e0835f6ae4bdf07f7383dac8433626de
                                        • Opcode Fuzzy Hash: f255d1f3b872e0b929f45014cbd2a49708854f7cea85a380450fc457d29d5da5
                                        • Instruction Fuzzy Hash: 1851C275E012089FCF44DFA9D994AADBBF2BF88300F24812AD809B7355D7746946CF50
                                        Function 0AC75D30 Relevance: .1, Instructions: 147COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1913464844.000000000AC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_ac70000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 5c939caef4f5b1336934742fa90fc5a79828e6ac2b77cb7359c6b906007030bb
                                        • Instruction ID: 41b5b2547e9bfcc2cd30be38fd13da77d50d2b5ca7dd0ab87e40b27cecd07437
                                        • Opcode Fuzzy Hash: 5c939caef4f5b1336934742fa90fc5a79828e6ac2b77cb7359c6b906007030bb
                                        • Instruction Fuzzy Hash: FA511835A1060A8FCF14EFA8C8848ADF7B5FF89310B518669D416BB315EB34ED85CB90
                                        Function 0AC77620 Relevance: .1, Instructions: 141COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1913464844.000000000AC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_ac70000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: c4e839bae97bf7fbfdd29f70db0f8ecb8553299dc9f35879995278ca852f53ff
                                        • Instruction ID: 190257b3ed51a36fcbe5772f59f09774a688bb961a771af5689beb6aad71ab3c
                                        • Opcode Fuzzy Hash: c4e839bae97bf7fbfdd29f70db0f8ecb8553299dc9f35879995278ca852f53ff
                                        • Instruction Fuzzy Hash: FE51EF78A05349DFDB16CF68C9146AEBBB2BF85300B1680AAE805DB352DB35CD01CF91
                                        Function 0AC74528 Relevance: .1, Instructions: 141COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1913464844.000000000AC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_ac70000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: d065d9c48b31408e6ff7d18f469abe5ab40150eb65e185a42c5e4290b9e0bf7c
                                        • Instruction ID: 26ef4edfd35ccd292e56793f79615e1b423fc862c3c7b7eab519b71bb89d422e
                                        • Opcode Fuzzy Hash: d065d9c48b31408e6ff7d18f469abe5ab40150eb65e185a42c5e4290b9e0bf7c
                                        • Instruction Fuzzy Hash: 2641F3393143119FCB24EB68C900B6EB3F6AFC5221F26876EE169DB3D1CA749D058B51
                                        Function 0AC79A08 Relevance: .1, Instructions: 137COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1913464844.000000000AC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_ac70000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: d8a5016101a400262e4168f2e4ca8dac0eaa3dd1abec66b1fc1e21149e3bf68d
                                        • Instruction ID: a98f437980425fa4e8b54eea45321b4dbd1123e6f5a42ac44c3ca1d008b078dd
                                        • Opcode Fuzzy Hash: d8a5016101a400262e4168f2e4ca8dac0eaa3dd1abec66b1fc1e21149e3bf68d
                                        • Instruction Fuzzy Hash: 43517675900219DFCB14DF98C9849EDBBB1FF88310F168559E806BB254D770AA85CF80
                                        Function 0AC776C8 Relevance: .1, Instructions: 132COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1913464844.000000000AC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_ac70000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: fbe8226a655569a89054ae2e10470e59f8ec7e123e388e503e24da92ccfaf7ee
                                        • Instruction ID: 63e6addb0f0d4c2ab7beabf357b84ebe2378177249f1692a131ca4527d866b60
                                        • Opcode Fuzzy Hash: fbe8226a655569a89054ae2e10470e59f8ec7e123e388e503e24da92ccfaf7ee
                                        • Instruction Fuzzy Hash: 05418C38B10209DFDB25DFA8D958A6EBBF6BF84300B128029E402E7251DB35D941CF91
                                        Function 0AC76600 Relevance: .1, Instructions: 131COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1913464844.000000000AC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_ac70000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e4db53d77e229b3a8b2b130799f6364fb79bcd095f591652baa3314375e3dc4c
                                        • Instruction ID: 031da07f4a09ff8633dcdac9129cedd49a1cb04e609cbe1c798c0cae416a4a25
                                        • Opcode Fuzzy Hash: e4db53d77e229b3a8b2b130799f6364fb79bcd095f591652baa3314375e3dc4c
                                        • Instruction Fuzzy Hash: 8151A435A10609DFCB00EFA8D4849EDFBB5FF89304F11C55AE516AB321EB31A949CB90
                                        Function 02564AA8 Relevance: .1, Instructions: 129COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1868877289.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_2560000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7f44d0deb59c47d8f2ff047829e16ff377cc4d9f1ce95260c40ca60f088fb36e
                                        • Instruction ID: c645f8f0e3cf9637a6d537b4310beb344513dac93a1fee806ffc67cb7d667beb
                                        • Opcode Fuzzy Hash: 7f44d0deb59c47d8f2ff047829e16ff377cc4d9f1ce95260c40ca60f088fb36e
                                        • Instruction Fuzzy Hash: 9351F474E00248DFDB05EFE8D954AADBBB2FF89300F108429E856A73A4DB756942CF11
                                        Function 0256A3C8 Relevance: .1, Instructions: 127COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1868877289.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_2560000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: cbd9682870beb0ba8572e025f792dc74bb1d55e355d2a02b4d912b64a583480d
                                        • Instruction ID: 6fd02aa79dcdfbacd331e6797eede582ebc3ca5c9415e6b1c91e21b91e39b6b4
                                        • Opcode Fuzzy Hash: cbd9682870beb0ba8572e025f792dc74bb1d55e355d2a02b4d912b64a583480d
                                        • Instruction Fuzzy Hash: F241CE357002048FDB149B69D858BAE7BB7FBC8611F144569E906EB791CE35DC02CBA4
                                        Function 0AC75D20 Relevance: .1, Instructions: 126COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1913464844.000000000AC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_ac70000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 06ed700989a8b13c9cb00073ac7408659eb0fc894ecab84c69e03505871a144c
                                        • Instruction ID: 5f9aaf62bd6c9814cd0c3c47e7f8042b2d79d2dfd36eb61ae2785baa81558cd1
                                        • Opcode Fuzzy Hash: 06ed700989a8b13c9cb00073ac7408659eb0fc894ecab84c69e03505871a144c
                                        • Instruction Fuzzy Hash: 17414835A0060A8FCF10DFA8C8949ADF7B1FF89310B558669D816EB311EB34E985CF90
                                        Function 02564AB8 Relevance: .1, Instructions: 124COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1868877289.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_2560000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 279653116cf9dea59ca6694ae92a2a6f29ff6253d0f9d2e356cfc43c170197ce
                                        • Instruction ID: 55e346cfcf77ffffa5f3687773fb09f531851392ad2be1df99a7ff707ea8a9bd
                                        • Opcode Fuzzy Hash: 279653116cf9dea59ca6694ae92a2a6f29ff6253d0f9d2e356cfc43c170197ce
                                        • Instruction Fuzzy Hash: 7751D474E00208DFDB09EFE8D954AADBBB2FF89300F108429E816A7394DB756942CF54
                                        Function 025697CB Relevance: .1, Instructions: 121COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1868877289.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_2560000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: f3580e2492961bd945b100fd1be399530d17c5ed896c7ea5cb7eb08463330b57
                                        • Instruction ID: 16f05272680691e3fe771d75c2e05b67b7bd655f718e919c43c0c23ac810b960
                                        • Opcode Fuzzy Hash: f3580e2492961bd945b100fd1be399530d17c5ed896c7ea5cb7eb08463330b57
                                        • Instruction Fuzzy Hash: 95419D35A04249DFCF11CFA4C888BADBFB2FF89320F008556E855AB291D335D951CB94
                                        Function 0256EC48 Relevance: .1, Instructions: 117COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1868877289.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_2560000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e6e7a731527295cc051572dffbdf2100123e880381818da08ae2044e8e8652de
                                        • Instruction ID: 322fae4d447d1001a684eebc20373d4743f9eb423dedaf166e66eb7f5325c4c3
                                        • Opcode Fuzzy Hash: e6e7a731527295cc051572dffbdf2100123e880381818da08ae2044e8e8652de
                                        • Instruction Fuzzy Hash: 7541F3393012059FDB169F28D819A7A3FA6FF89311B048069F909CB392CB38CD11CB64
                                        Function 0AC79C70 Relevance: .1, Instructions: 105COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1913464844.000000000AC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_ac70000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: c73a881207da5966beec00762be8663175d2634f2dd5db3bfb5875357e9464c7
                                        • Instruction ID: fd070ab60a6a5ff4b6d3c959fd5f6320ee8e4f6b632200b4fb4522023d20a436
                                        • Opcode Fuzzy Hash: c73a881207da5966beec00762be8663175d2634f2dd5db3bfb5875357e9464c7
                                        • Instruction Fuzzy Hash: 7F31E5B6E003589FDB14DFAAC5047AEFBF5EF88210F15841AD859E7341DB3899018BA1
                                        Function 0AC75F28 Relevance: .1, Instructions: 104COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1913464844.000000000AC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_ac70000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 5834900731cd82f848905d747e5f0484e96d42a7be98b676160188e32cedfe90
                                        • Instruction ID: 4bd167171afb6327cf00efd7c51443f07b2bf09e9ba349d124f68ca6d49fe68d
                                        • Opcode Fuzzy Hash: 5834900731cd82f848905d747e5f0484e96d42a7be98b676160188e32cedfe90
                                        • Instruction Fuzzy Hash: 54414F35920618DFCF04EFA8D955AEDBBB1FF49300F518129E94577250EB30AA98CF91
                                        Function 0AC76958 Relevance: .1, Instructions: 100COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1913464844.000000000AC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_ac70000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 96307306bc8efb829f84e50eec4d5ff53956f1cf39434d36cd7dad8ed5c3d21a
                                        • Instruction ID: 799d6d6d4c4f2d40fdbe8a5b7faf0228f962be2989faf41d0a5b3ab384f21c2e
                                        • Opcode Fuzzy Hash: 96307306bc8efb829f84e50eec4d5ff53956f1cf39434d36cd7dad8ed5c3d21a
                                        • Instruction Fuzzy Hash: B3318D75A10618DFCB14DFA9D8446AEBBB6FF88310F11822AE406A7320DB759D45CF91
                                        Function 025659C8 Relevance: .1, Instructions: 95COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1868877289.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_2560000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 21816667db9a336e14ce3770573cd4f17bd8f770ac4a96612020a98d90fd20ec
                                        • Instruction ID: 689b626b1750d91c9049352abab49a84ed68bd250132c0c53dec522d15605c9b
                                        • Opcode Fuzzy Hash: 21816667db9a336e14ce3770573cd4f17bd8f770ac4a96612020a98d90fd20ec
                                        • Instruction Fuzzy Hash: DA317C363002099FDF01AF54D898A7E7BA2FB88316F008028FD0687350DB76DD55DB94
                                        Function 0256B911 Relevance: .1, Instructions: 94COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1868877289.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_2560000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: acca5cadbf9d975708b5e3ac00d24d6c7d92c9d183ecee3420f901dbabf70481
                                        • Instruction ID: a8f6041c167c3b51ecd2b75e0be969b5a107479d7c8055ad8840d67e8b26de10
                                        • Opcode Fuzzy Hash: acca5cadbf9d975708b5e3ac00d24d6c7d92c9d183ecee3420f901dbabf70481
                                        • Instruction Fuzzy Hash: E231B5728056454FC7068B28C988775BF71BF8332C70A43A6C5A8EB6E3C725E857CB95
                                        Function 05E98365 Relevance: .1, Instructions: 93COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1891386095.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_5e90000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 4db61c156e0d8a8678cc9cfb374036e3abb57eb654cf36ac35484d805ff4f6cb
                                        • Instruction ID: 5e1bdfab7e5dce6d32b38abbb4baa97c7946b8fcb41cc6be0da8fa5c0afc94cc
                                        • Opcode Fuzzy Hash: 4db61c156e0d8a8678cc9cfb374036e3abb57eb654cf36ac35484d805ff4f6cb
                                        • Instruction Fuzzy Hash: 5B318B70A502198FDB19EF78D995AAD7BFAFB88310F4040A9D459E3351DA349E80CF40
                                        Function 0256B7F0 Relevance: .1, Instructions: 90COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1868877289.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_2560000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 2b0b59dc602ea87b00f8fde4c920e9db4d11d9544c77987065a5922dd620d27d
                                        • Instruction ID: 23981c8d4959997e9743d81902e68954a5f1e10cc88aa30642388bc724821401
                                        • Opcode Fuzzy Hash: 2b0b59dc602ea87b00f8fde4c920e9db4d11d9544c77987065a5922dd620d27d
                                        • Instruction Fuzzy Hash: 1421E372801A059BC204CB28C888661BB76BFC133C7198355C878A77D6CB31E852CBD8
                                        Function 02568960 Relevance: .1, Instructions: 87COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1868877289.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_2560000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 5d0f1fd23c6b53eac3fd547d4292afc687eddc910198482413bd75ba9865d1c5
                                        • Instruction ID: d7132e684c4cbe67b54335532b7ea015a73aafb0622cf9d7c2c980ca2d47edac
                                        • Opcode Fuzzy Hash: 5d0f1fd23c6b53eac3fd547d4292afc687eddc910198482413bd75ba9865d1c5
                                        • Instruction Fuzzy Hash: 2121B0303002104BEB25163AD46C73E3AA7BFC4769F148439D902CB794EF6ACC89D386
                                        Function 02567FD9 Relevance: .1, Instructions: 87COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1868877289.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_2560000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 580a53b94ea041bd64bdabeea0b167f504e5f29416cc2d447a085bb8a12fefcb
                                        • Instruction ID: 572066447c1c817f97d5107f20cc22dbb93967971780029a08d6ea4f095c1997
                                        • Opcode Fuzzy Hash: 580a53b94ea041bd64bdabeea0b167f504e5f29416cc2d447a085bb8a12fefcb
                                        • Instruction Fuzzy Hash: 8A31F1716046108FEB058F28D89C7757BA1FF4A374B464B92E8688F3E2C731A809CB58
                                        Function 0AC76780 Relevance: .1, Instructions: 85COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1913464844.000000000AC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_ac70000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: f8acaf9b4f41257f3d700debde111ba9d973c05f28ac65c11f14d133c86945b9
                                        • Instruction ID: 462d79951def7f1eafe2e7fd7965082b1e1053fd946a122b6cd6b405124fba54
                                        • Opcode Fuzzy Hash: f8acaf9b4f41257f3d700debde111ba9d973c05f28ac65c11f14d133c86945b9
                                        • Instruction Fuzzy Hash: 4B313035A10609DFCB05EFA8D8548EDBBB5FF89304F018659E505AB325FB30AD49CB91
                                        Function 02568950 Relevance: .1, Instructions: 85COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1868877289.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_2560000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 69108ba87b4cc1a82829ab30e787f4c80f8a11e24fcfc75c40e217ccd35be29b
                                        • Instruction ID: f49a1ac2d85fffc1b71f722712337a7bf3709ec13c7dd63c23e31bb1a2660bca
                                        • Opcode Fuzzy Hash: 69108ba87b4cc1a82829ab30e787f4c80f8a11e24fcfc75c40e217ccd35be29b
                                        • Instruction Fuzzy Hash: 9821AF353102008BDF265735986C73D3EA6BFC4369B048429D902CB395EF6AC889D746
                                        Function 0256C934 Relevance: .1, Instructions: 84COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1868877289.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_2560000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 28795b0f5b88e38858ba920460d8a5cac520698ddf340130353211975487e690
                                        • Instruction ID: 002ee49c4b215d919295262317b3043c3a3f396200f474a755571355bd858cee
                                        • Opcode Fuzzy Hash: 28795b0f5b88e38858ba920460d8a5cac520698ddf340130353211975487e690
                                        • Instruction Fuzzy Hash: B7313470D01248DFDB24CFA9C584BEEBFF1BF48310F24842AE858AB250CB759942CB90
                                        Function 0256C940 Relevance: .1, Instructions: 83COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1868877289.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_2560000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 3b7deae97f68f9b34bab4ca695446485c5ac444b3158f62847318895e071ab43
                                        • Instruction ID: acd3045d3254c0c0fdedb088d8b35520d1cb05ab2c27cd1156415d3d763e0745
                                        • Opcode Fuzzy Hash: 3b7deae97f68f9b34bab4ca695446485c5ac444b3158f62847318895e071ab43
                                        • Instruction Fuzzy Hash: 6D311770D002489FDB24DFA9C584BEEBFF5BF48340F24841AE859AB250DB759941CB90
                                        Function 0256F8C0 Relevance: .1, Instructions: 82COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1868877289.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_2560000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 050134c0659d0fcb72da282a1c0190fbde75e7aeaba0017f65330842e8aa919f
                                        • Instruction ID: 80e70570b5644b9b6727015ab990460b313632c82d1d3021ff343bbe4d011dac
                                        • Opcode Fuzzy Hash: 050134c0659d0fcb72da282a1c0190fbde75e7aeaba0017f65330842e8aa919f
                                        • Instruction Fuzzy Hash: 03314A70E00218ABEB14DFB5E8587EEBBB2FF88315F204529D402A7684DB385D46CB65
                                        Function 08F55EE8 Relevance: .1, Instructions: 81COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1906554337.0000000008F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_8f50000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: dc47f04b6ec26547c229404b061f8c13bbdc64da4b2f518c840bf2d057ea7c67
                                        • Instruction ID: 61d97a6f0e684f673b9c3129e3e31035bd8681a7d4023bdf68f50ca1bc4b3233
                                        • Opcode Fuzzy Hash: dc47f04b6ec26547c229404b061f8c13bbdc64da4b2f518c840bf2d057ea7c67
                                        • Instruction Fuzzy Hash: FE216B7BA001289FD304D678DE8272ABBDEFB8C310B459217ED1AE7350DA25EC008AC0
                                        Function 0AC799F8 Relevance: .1, Instructions: 80COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1913464844.000000000AC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_ac70000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 34254f0f6b7ea5fc311fb2e3e7271543451bb6922512fd443c24649c6d5ef42f
                                        • Instruction ID: d8bac3e1c1ac4e9dfa7d0ebb83773d5b851ce01dd3e4a51a968186ddd1563997
                                        • Opcode Fuzzy Hash: 34254f0f6b7ea5fc311fb2e3e7271543451bb6922512fd443c24649c6d5ef42f
                                        • Instruction Fuzzy Hash: 37315774D11219DFCB14DFA8C5449ECBBB1FF48310F118559E8467B248E770AA99CF80
                                        Function 08F55DA1 Relevance: .1, Instructions: 79COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1906554337.0000000008F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_8f50000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 66a7d472a23cd40860cda78975c380c286c86da4a5540b5f74d724398670eaa5
                                        • Instruction ID: 1b96d4016261d3be85bbce851bf2d128abf15cedea73189a68abfa1e110872ed
                                        • Opcode Fuzzy Hash: 66a7d472a23cd40860cda78975c380c286c86da4a5540b5f74d724398670eaa5
                                        • Instruction Fuzzy Hash: B3218E7375412B8BD344C678D8566377A4BA7CC621F809313CD46DB3C1ED28ED5246D1
                                        Function 08F55DB0 Relevance: .1, Instructions: 77COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1906554337.0000000008F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_8f50000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: dc22fe5891b161391ca7d699b38f12fa38a748fae21d9152cb2948770ae050b4
                                        • Instruction ID: 2c4b4b002ac98cfd6aa350258db5f27251a590fff57a9a99aa0e9ac78599fb8c
                                        • Opcode Fuzzy Hash: dc22fe5891b161391ca7d699b38f12fa38a748fae21d9152cb2948770ae050b4
                                        • Instruction Fuzzy Hash: A8218B7376422B8BC3449A79D8455277A9BA7CC221B809317C907CB3C1DD28EE028AA1
                                        Function 0AC756A8 Relevance: .1, Instructions: 76COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1913464844.000000000AC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_ac70000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 830fa653ac75875ca555545cef5b62848b774a8c1d6bd5c805207931135d9a8f
                                        • Instruction ID: dcd0db752436e607d9d6296a9b0a823a3e6c108e1de27eb1deb386c6dbcbf2c5
                                        • Opcode Fuzzy Hash: 830fa653ac75875ca555545cef5b62848b774a8c1d6bd5c805207931135d9a8f
                                        • Instruction Fuzzy Hash: 3C215E35E10609CFCF01EBA8D9486AEB7F4FF88210F01826AD519E7360EB309A45CB91
                                        Function 06349B63 Relevance: .1, Instructions: 75COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1892857318.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_6330000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 939d0bc7b36e4a10bdf80ae8a612622569f0dc614484ffb226cdebdeba1e2b02
                                        • Instruction ID: 80b49b6b97f2b8595c26ab487b7f5f71a234a79b093d826a6b025ba99e3b7cea
                                        • Opcode Fuzzy Hash: 939d0bc7b36e4a10bdf80ae8a612622569f0dc614484ffb226cdebdeba1e2b02
                                        • Instruction Fuzzy Hash: B2317A74A12214CFDB14EF78D99475ABBB6FB88300F8095A9D50993341DB38AE84DF45
                                        Function 06349B44 Relevance: .1, Instructions: 75COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1892857318.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_6330000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: f291bb0ed119c54fe9a59b1f58cf4825a111fd72bef71f392f013bbc5b1b2376
                                        • Instruction ID: f0085b77161f7d65b5640ce849c231ec0ab23cf4d0295a4882889c8aea4d08ee
                                        • Opcode Fuzzy Hash: f291bb0ed119c54fe9a59b1f58cf4825a111fd72bef71f392f013bbc5b1b2376
                                        • Instruction Fuzzy Hash: 5031ABB4A02214CFDB54EF78D89475ABBB6FB88300F8094A9D509D3381DE38AE80DF45
                                        Function 0AC725E8 Relevance: .1, Instructions: 74COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1913464844.000000000AC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_ac70000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: faf1b04c48efeb60796672e16964c71e3cde95a201e440ac7e594cf9feb7c614
                                        • Instruction ID: 09dd78a01a312a77ddf8a17286ff05a787e3c66d32b187b57fdb6b295f148857
                                        • Opcode Fuzzy Hash: faf1b04c48efeb60796672e16964c71e3cde95a201e440ac7e594cf9feb7c614
                                        • Instruction Fuzzy Hash: 05314970E012288FCB55EF78D9C476EBBB6BB88300F4085A9D449AB340DA34AE80DF45
                                        Function 06349B4E Relevance: .1, Instructions: 73COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1892857318.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_6330000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 34bf8a0d5ccecc7bd8b9ec62bd2def7a6e4b91fa21f0d930d64fbbc61ea8c8b7
                                        • Instruction ID: f1059a5f83407991874c440421d0f0e1a72859499bcfe9932167e693747874ae
                                        • Opcode Fuzzy Hash: 34bf8a0d5ccecc7bd8b9ec62bd2def7a6e4b91fa21f0d930d64fbbc61ea8c8b7
                                        • Instruction Fuzzy Hash: 8E319CB4A12214CFDB54EF78D89475ABBB6BB88300F8094E9D509D3341DE38AE84DF45
                                        Function 02566CD8 Relevance: .1, Instructions: 72COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1868877289.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_2560000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: d499a8700aefd3c3f66e1dbd75b6cce4d7dc470a4ce0647748f1abda6ba135a2
                                        • Instruction ID: 5268e21fc20e72cb237aec5c1bdf8c6fcc48e84d7c77d32f42f0efb5466268e5
                                        • Opcode Fuzzy Hash: d499a8700aefd3c3f66e1dbd75b6cce4d7dc470a4ce0647748f1abda6ba135a2
                                        • Instruction Fuzzy Hash: 7F21FF39704611CFCB256B29D45863E7BB6FF85355B098469D906CB395CF38DC02CB90
                                        Function 05E95F10 Relevance: .1, Instructions: 72COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1891386095.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_5e90000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: cafe82e6836ab805fed0e2cf3375b165c023278518aa6388ff25ee1cce328977
                                        • Instruction ID: 9dc70f39fb4f8324965ef65afb89e74477f3cc6415c2ff771ff384c9606db038
                                        • Opcode Fuzzy Hash: cafe82e6836ab805fed0e2cf3375b165c023278518aa6388ff25ee1cce328977
                                        • Instruction Fuzzy Hash: 3B110632205614DFDF05DF18D881A6AFBEAEF85320719C1A7E809CF242D731E842C7A0
                                        Function 00A6D030 Relevance: .1, Instructions: 72COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1868327143.0000000000A6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A6D000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_a6d000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 42b045584c128689f951076fd7aa90c31a110a8676005b8b2a8e6a5586ca4fdb
                                        • Instruction ID: 75183fa7503b1f00b43dd6ab33d9446320c879591f6a26c02f08e615e2a46c0f
                                        • Opcode Fuzzy Hash: 42b045584c128689f951076fd7aa90c31a110a8676005b8b2a8e6a5586ca4fdb
                                        • Instruction Fuzzy Hash: 7121F2B1A04244DFDB14DF14D980B26BBB5FB84314F34C56DD90A4B296C37BD847CA62
                                        Function 00A6D1E8 Relevance: .1, Instructions: 72COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1868327143.0000000000A6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A6D000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_a6d000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 78611b0da675123ebfbc41daec22d7fc704aee62df46a0e65081e05b87d290f6
                                        • Instruction ID: a963e078d2949d592c186b708816d1eb2380d0e0ec1b41146d78296389cf4ad1
                                        • Opcode Fuzzy Hash: 78611b0da675123ebfbc41daec22d7fc704aee62df46a0e65081e05b87d290f6
                                        • Instruction Fuzzy Hash: A72122B1A04300EFDB05CF20C9D0B66BBB5FB98314F24C56DE80A4F246C376D846CAA1
                                        Function 0AC725D6 Relevance: .1, Instructions: 71COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1913464844.000000000AC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_ac70000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: a6fa033d52a0047910a7976a3f38b71908580fb59764b4342f9bb5e8394041b5
                                        • Instruction ID: 17b2ae2e052aa5ce65bb1dcdea1c36c3d2807d3e0dd6637be76a4c1a5516ad0e
                                        • Opcode Fuzzy Hash: a6fa033d52a0047910a7976a3f38b71908580fb59764b4342f9bb5e8394041b5
                                        • Instruction Fuzzy Hash: 70211C70E112188FCB55EF78D98476EBBB6BB88300F5085E9D44DA7340DA34AE80DF44
                                        Function 025659A0 Relevance: .1, Instructions: 69COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1868877289.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_2560000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: fd33466d6d641cd605b72dbcd8529fd816463aa1ce9ee6d9471ae8de0bb316eb
                                        • Instruction ID: 2cdd91a18478669e2f148cfc5f55b953cdc35c68935cc858d90f37b6605161d6
                                        • Opcode Fuzzy Hash: fd33466d6d641cd605b72dbcd8529fd816463aa1ce9ee6d9471ae8de0bb316eb
                                        • Instruction Fuzzy Hash: C02106316093898FDB029F28D85876A3F72FF55316F04C09AE9458F2A2D7799C48CB95
                                        Function 08F58CC0 Relevance: .1, Instructions: 68COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1906554337.0000000008F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_8f50000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 474074b9e005d8abe32d748671ce2f11edd15f9d03af12fa98afd74b40b1caa6
                                        • Instruction ID: 2705fe1fc1afaaa7158b3a850be4c0e7d963f34b01cc9a2ab2f03e1ca538f4de
                                        • Opcode Fuzzy Hash: 474074b9e005d8abe32d748671ce2f11edd15f9d03af12fa98afd74b40b1caa6
                                        • Instruction Fuzzy Hash: D91124766146146FD301CB68DC94B6BBFEEFB88320F448566E859D3241DA38BC05C7A0
                                        Function 0256B639 Relevance: .1, Instructions: 65COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1868877289.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_2560000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 0231516fb0393f9e34a3f2e87d456bc2289d12e2ad2b3ce1d79de5a618c6a658
                                        • Instruction ID: a936c548c493044281d2062ab6c358cc9613dcd2d9ccb4cf49aa1381a44165f9
                                        • Opcode Fuzzy Hash: 0231516fb0393f9e34a3f2e87d456bc2289d12e2ad2b3ce1d79de5a618c6a658
                                        • Instruction Fuzzy Hash: A4215A75A012089FDB05DFA5D594AEEBFB6BF88309F148029E811F7250DB35D940DB60
                                        Function 0AC74518 Relevance: .1, Instructions: 63COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1913464844.000000000AC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_ac70000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 35ff1099082e61f9fb393198c679fd22f30c16b6221df0014c49884f10b3c553
                                        • Instruction ID: c0f852fde00c514f47eb67e2800969959f29cba932af9435b6070e8e54ded383
                                        • Opcode Fuzzy Hash: 35ff1099082e61f9fb393198c679fd22f30c16b6221df0014c49884f10b3c553
                                        • Instruction Fuzzy Hash: A511EE3A610301CFCB249F28C545BAEB7E2EF85612F0A806AE1498B3A1D674AD01CF11
                                        Function 0256A3B8 Relevance: .1, Instructions: 63COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1868877289.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_2560000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 1748e1c9bdbd3e1154af251d6d3af0941c3a559aba3ce34f418360fae469ba29
                                        • Instruction ID: 59d29ef7fa9f2fd9b831d719f9348139cae604a33a982b642dbaa935b77e5f9c
                                        • Opcode Fuzzy Hash: 1748e1c9bdbd3e1154af251d6d3af0941c3a559aba3ce34f418360fae469ba29
                                        • Instruction Fuzzy Hash: 6B115E75700108ABDB14DF58DC98BEDBBB6FB8C211F104125E916A7750DB71AD11CBA0
                                        Function 0256EB91 Relevance: .1, Instructions: 63COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1868877289.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_2560000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 081a253d49b50c79fe6406eda8e798a68211b7f163d391f144ae6c7c1b4d397e
                                        • Instruction ID: 229d9b5d5c59aec0b4acbce97cac17f141afb53f7e8be69c2b9b98455a7333a9
                                        • Opcode Fuzzy Hash: 081a253d49b50c79fe6406eda8e798a68211b7f163d391f144ae6c7c1b4d397e
                                        • Instruction Fuzzy Hash: 98117275E0125A9FCB10DFA9D844AFEBBB5FF85210F10852BE611E3251D3345A15CBA0
                                        Function 08F5B008 Relevance: .1, Instructions: 61COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1906554337.0000000008F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_8f50000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 737ff64b9ae5a0ec2889158b30d06458c1c5bf0e7d908b807959d17567aee10e
                                        • Instruction ID: 2640a7d3fc927beb0268006f0b2b02e90f2d72abd7fc194154ea7d2bfe3600dd
                                        • Opcode Fuzzy Hash: 737ff64b9ae5a0ec2889158b30d06458c1c5bf0e7d908b807959d17567aee10e
                                        • Instruction Fuzzy Hash: 411108215082E09FD701CB78D865AEABFB4AF4A231F18C1DADA94DB242C721D942CB95
                                        Function 0AC72C8C Relevance: .1, Instructions: 60COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1913464844.000000000AC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_ac70000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: ae513b331e454c7f61c610db4bbf36f14c964b6e5b944fad940a1f10e85c8714
                                        • Instruction ID: 6e4931c7c4155f9eb8ef0cb7a1c67dfeabd73250843c68ea294fd3c944aea9db
                                        • Opcode Fuzzy Hash: ae513b331e454c7f61c610db4bbf36f14c964b6e5b944fad940a1f10e85c8714
                                        • Instruction Fuzzy Hash: 42215770E016188BCB54EF78DC896AEBBB2BB88301F9085A9D449A7250DA345D889F55
                                        Function 0AC7E3A8 Relevance: .1, Instructions: 59COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1913464844.000000000AC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_ac70000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e9cb52eec07e4f193ce178f496992a4b71155fdcf6d01200cc2ced66d69d2520
                                        • Instruction ID: 1faacb3bc997b44f531cb10022b9b942215080c9c40868ebcb2637999996b57c
                                        • Opcode Fuzzy Hash: e9cb52eec07e4f193ce178f496992a4b71155fdcf6d01200cc2ced66d69d2520
                                        • Instruction Fuzzy Hash: 4D11E5363003109FEB24DAA9C850B2E7396FFC5354F5AC479E9559B281CF70E9068B91
                                        Function 0AC73080 Relevance: .1, Instructions: 59COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1913464844.000000000AC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_ac70000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: bce7852c8f7c1e17828b2272a1cc5ecaba8989c7cadea47a122af23115ec3c43
                                        • Instruction ID: f1dbac3266da9123be09c69cac78d9a3bb4a4265538bf368fd9d3b803633c52c
                                        • Opcode Fuzzy Hash: bce7852c8f7c1e17828b2272a1cc5ecaba8989c7cadea47a122af23115ec3c43
                                        • Instruction Fuzzy Hash: C02107B0A10518CFCB54EF78D984B6EBBB2FB88300F4184E9D689A7350DA349D85DF59
                                        Function 02566CE8 Relevance: .1, Instructions: 59COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1868877289.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_2560000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 1080e51acb09fcb34cdf156429b2f9cc3525d2e66998f77ae33cca555b4afefe
                                        • Instruction ID: ea6ca0cbccb8dac8fce7bd222fc55179140057f4f475641f19fa4c59803eb377
                                        • Opcode Fuzzy Hash: 1080e51acb09fcb34cdf156429b2f9cc3525d2e66998f77ae33cca555b4afefe
                                        • Instruction Fuzzy Hash: 9411A5357006168FC7255A2AD45CA3ABBBAFFC96657158479E906DB350CF34DC01CBD0
                                        Function 05E95FC0 Relevance: .1, Instructions: 59COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1891386095.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_5e90000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 8403a5721d91bf1414cc7d840d8d9d80b9ff97fb542b006a1c51423f7471414b
                                        • Instruction ID: 1fceaa77c5b953d210eed4c05dc1b9905fabf86d6bb38c49002fab2adbd479cb
                                        • Opcode Fuzzy Hash: 8403a5721d91bf1414cc7d840d8d9d80b9ff97fb542b006a1c51423f7471414b
                                        • Instruction Fuzzy Hash: FB0184323006106BEB28D65DD841F6AB7A7EFC0A64F68C52AF1ADC7644EB71E8428750
                                        Function 00A6D1E3 Relevance: .1, Instructions: 53COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1868327143.0000000000A6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A6D000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_a6d000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: d3f327db0e2ed1f5e683527615b2bec1ac9a86c970599db5efe8bf84bff6eed3
                                        • Instruction ID: e12217f3f534f81e710c7b64af46a3cd4d1398a865c6478abf1bd49602b5bf76
                                        • Opcode Fuzzy Hash: d3f327db0e2ed1f5e683527615b2bec1ac9a86c970599db5efe8bf84bff6eed3
                                        • Instruction Fuzzy Hash: 7511DD75A04280CFCB02CF20D5D4B55BFB1FB84314F28C6AAD8494F656C33AD84ACBA1
                                        Function 00A6D02B Relevance: .1, Instructions: 53COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1868327143.0000000000A6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A6D000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_a6d000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: d3f327db0e2ed1f5e683527615b2bec1ac9a86c970599db5efe8bf84bff6eed3
                                        • Instruction ID: 3a09754c2331f3846a06e198cf77f5c0879dc9cef4527e55ddd67b872005e666
                                        • Opcode Fuzzy Hash: d3f327db0e2ed1f5e683527615b2bec1ac9a86c970599db5efe8bf84bff6eed3
                                        • Instruction Fuzzy Hash: E7118B75A04284DFDB16CF14D5C4B15BBB1FB84318F28C6AAD84A4B656C33AD84ACB62
                                        Function 08F5B1ED Relevance: .1, Instructions: 52COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1906554337.0000000008F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_8f50000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 031fe92b9c5e07b1a9d6bc42cc9a69b56f23fa94589ea448de658e6ed86b0a49
                                        • Instruction ID: 1f7f0ef3a4d7adc9391e6fb963a8db8470ab42c1052f24840131648a87b9e0c3
                                        • Opcode Fuzzy Hash: 031fe92b9c5e07b1a9d6bc42cc9a69b56f23fa94589ea448de658e6ed86b0a49
                                        • Instruction Fuzzy Hash: B501FC1210D3D09FD302CB78D8656DA7F68DF5A231B15C0AADA94DF242C715D403D7E6
                                        Function 0639E52F Relevance: .1, Instructions: 52COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1892990682.0000000006380000.00000040.00000800.00020000.00000000.sdmp, Offset: 06380000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_6380000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: d4e1988c1b19bf0a7b0d4b093d7f19fb169d8df9ebbbb414faee50ba8ec69a2e
                                        • Instruction ID: 88cb584f732a1c596d496c4eace5b7b475b3edbad56a56d0c38ba19d469004f4
                                        • Opcode Fuzzy Hash: d4e1988c1b19bf0a7b0d4b093d7f19fb169d8df9ebbbb414faee50ba8ec69a2e
                                        • Instruction Fuzzy Hash: 4801683B26402AC7EA84862AE8026657B5EEBD5700B089523E002CB581FD68CD418EDA
                                        Function 0256EC39 Relevance: .0, Instructions: 47COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1868877289.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_2560000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 29964506ccfc31d16208cf08750549775d2747b75b11b9b9e0abe7b1b9d95bda
                                        • Instruction ID: 8379deec847e433bfa1150d46692b5ee0abc65fc3f7598a89a0b42223cc89ad3
                                        • Opcode Fuzzy Hash: 29964506ccfc31d16208cf08750549775d2747b75b11b9b9e0abe7b1b9d95bda
                                        • Instruction Fuzzy Hash: D301D4767011068FD71AEF19D958A7A7BA3FFC5310B168039E805DB361DB34DC158B54
                                        Function 0256F6C8 Relevance: .0, Instructions: 47COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1868877289.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_2560000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: cddd430a117578bf7cb22c7c6d348dafa74e77b7e6ea61fe6d8559cbb8a88783
                                        • Instruction ID: 00dcc060031168f30c3b664101976deb06a96aa66197c9d76e2151e0da963017
                                        • Opcode Fuzzy Hash: cddd430a117578bf7cb22c7c6d348dafa74e77b7e6ea61fe6d8559cbb8a88783
                                        • Instruction Fuzzy Hash: 0C1136B0D092899FCB40DFA9E4446BEBFF1BF49300F1481AAD455A3251E7381A44CF91
                                        Function 0639E540 Relevance: .0, Instructions: 47COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1892990682.0000000006380000.00000040.00000800.00020000.00000000.sdmp, Offset: 06380000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_6380000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 54d51eee64e283e3cbe5dfd71fc16d2f9a4c6da4155e507ecd0147a7dc8a33c8
                                        • Instruction ID: 3b60dde1fa8e4ccdd624d91fae2ec88a9712fe017b229f73811ecdc6fadee8d3
                                        • Opcode Fuzzy Hash: 54d51eee64e283e3cbe5dfd71fc16d2f9a4c6da4155e507ecd0147a7dc8a33c8
                                        • Instruction Fuzzy Hash: F1019E7736802BC7EA84C52AE8025757A5EEBC57003089813E007CF581FD64CD018EDB
                                        Function 00A5D76D Relevance: .0, Instructions: 45COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1868294310.0000000000A5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A5D000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_a5d000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: d53ac38ba06db9746b26d497d13d34a8c18fa980821fcea528cf544e7380d717
                                        • Instruction ID: a323fe078e35fa1393faec757f603e77ef5bca7d8590fbe3497779b751190338
                                        • Opcode Fuzzy Hash: d53ac38ba06db9746b26d497d13d34a8c18fa980821fcea528cf544e7380d717
                                        • Instruction Fuzzy Hash: 4C012B710083449FE7304F11DC80766FBE8FF46365F18C42AED190A282C3789948CA72
                                        Function 0AC79BE0 Relevance: .0, Instructions: 42COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1913464844.000000000AC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_ac70000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: d8dcf827db51e4db258596a4763cbf9ee41b57cc8125941a66a92acf49969fb9
                                        • Instruction ID: a45b67f0a3d2d26edd0de8cd9246c6cb981d221d19fe3030731efcd1547ee448
                                        • Opcode Fuzzy Hash: d8dcf827db51e4db258596a4763cbf9ee41b57cc8125941a66a92acf49969fb9
                                        • Instruction Fuzzy Hash: 8CF02234701AA4ABCF0AFA74816029D6753BFC4A0071240DAD55987F82CF38AE67D7C6
                                        Function 08F5452C Relevance: .0, Instructions: 40COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1906554337.0000000008F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_8f50000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 1ed7d09059a656ba7b751e6eba59369fe7f1e5a8d533bc1da2f52b3073396094
                                        • Instruction ID: 3b6adc811fa0d3d5978e8c6d86ee66a9257e52768ddf31c17b4ba3cf4c37d6da
                                        • Opcode Fuzzy Hash: 1ed7d09059a656ba7b751e6eba59369fe7f1e5a8d533bc1da2f52b3073396094
                                        • Instruction Fuzzy Hash: CAF0A6B0904356DFC7029B74C48A7EABFB49F06304F4402D6D908CB2A3DA384A46CF80
                                        Function 05E95F03 Relevance: .0, Instructions: 39COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1891386095.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_5e90000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 58a60c7278eca7693ef0fe6981dbfd2b5fb1012453382323d5aba66737275453
                                        • Instruction ID: 0fe5dcc9e15a7687dddee385952c5fbf39e7b56be0667d92cdae9c4bfd80ecca
                                        • Opcode Fuzzy Hash: 58a60c7278eca7693ef0fe6981dbfd2b5fb1012453382323d5aba66737275453
                                        • Instruction Fuzzy Hash: 6AF0A471101604ABDB05DF15D8C4E1AFBAAFF85324709C196DC0A8F207C771E842CBB0
                                        Function 0AC7466B Relevance: .0, Instructions: 38COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1913464844.000000000AC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_ac70000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 946d001d1068e8cad513ba7853f801a20ef829e1bee72818c7594a0abdae2e6c
                                        • Instruction ID: 7bdf0dc32f06fb7a949bee06d5878fa8e1266a78b51989d0116c8d5af0b09229
                                        • Opcode Fuzzy Hash: 946d001d1068e8cad513ba7853f801a20ef829e1bee72818c7594a0abdae2e6c
                                        • Instruction Fuzzy Hash: 93F0813C3143019FDF29EB64CA10E29B3B5AF81235B62C66ED02687596DB70DA458F51
                                        Function 0256FE58 Relevance: .0, Instructions: 38COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1868877289.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_2560000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 978e9fef3ebd9b5147effa591c463be3dc6d7cecdb866dcf9dfbf44ec3601832
                                        • Instruction ID: 5ed25c889a00abf42f0d1deea84967a9ca906de30cec2676e15a998582c5ea2f
                                        • Opcode Fuzzy Hash: 978e9fef3ebd9b5147effa591c463be3dc6d7cecdb866dcf9dfbf44ec3601832
                                        • Instruction Fuzzy Hash: C2014BB5E44208ABCB44DFE9D9456ADFBF1BB89301F1486AAC428A3241E7745A05CB40
                                        Function 05E9346F Relevance: .0, Instructions: 38COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1891386095.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_5e90000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 41ec96ca07d7a7b291a95901905c677bda8a3280d0c42560f5f70a7ceb9066ca
                                        • Instruction ID: 166fdb879dee110de26433e1224a304e1fd1e7419a87aceb6689f9ce76eacd2f
                                        • Opcode Fuzzy Hash: 41ec96ca07d7a7b291a95901905c677bda8a3280d0c42560f5f70a7ceb9066ca
                                        • Instruction Fuzzy Hash: 6C01F9F9EA0259CFEB18CFA6D9521DDBE76BB84200B10A616D501FB254E735C9018F04
                                        Function 0AC74D90 Relevance: .0, Instructions: 37COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1913464844.000000000AC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_ac70000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: f9733aa14440f5d4f52beb44ad11a87c2e71c0b7f21ef2081f97589f0f704ad8
                                        • Instruction ID: 378d2ef38a88c78ab6f0a5f42b4bc20060a150905e0bc40b1e9c3c8ec0ef9de2
                                        • Opcode Fuzzy Hash: f9733aa14440f5d4f52beb44ad11a87c2e71c0b7f21ef2081f97589f0f704ad8
                                        • Instruction Fuzzy Hash: 9DF0553B3005104BDB14B16DE86AA2F7BAFEBC5A21F160027E108C7350CD28AC020695
                                        Function 0256BC38 Relevance: .0, Instructions: 36COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1868877289.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_2560000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: b1e1747279446368ca5c0386fa7b1d2103661ae841653d0d51c13d3b15a97775
                                        • Instruction ID: 4f5fe5ad8611994723cecf9e21a8ff4a53a10a3bd86a9e2ea3ab28d8c9dd185a
                                        • Opcode Fuzzy Hash: b1e1747279446368ca5c0386fa7b1d2103661ae841653d0d51c13d3b15a97775
                                        • Instruction Fuzzy Hash: 3DF0B4BA3001146FEB041A64D4546BEBBE7EFDC365B008429E949D7350DE31CD414790
                                        Function 00A5D76C Relevance: .0, Instructions: 36COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1868294310.0000000000A5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A5D000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_a5d000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: b90519190402c508602abc595093c3392bf302b0a4ef23a5669b388aac2d1893
                                        • Instruction ID: d8ff4b7c0f3796850106cf849e205a8dff27404d2401256d86657ca1513958d3
                                        • Opcode Fuzzy Hash: b90519190402c508602abc595093c3392bf302b0a4ef23a5669b388aac2d1893
                                        • Instruction Fuzzy Hash: 57F0C2714083449FE7208B05D884B66FB98FB45729F18C45AED580F286C3789C44CA71
                                        Function 0AC79C60 Relevance: .0, Instructions: 35COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1913464844.000000000AC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_ac70000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: f43089575496a8becbe86fab50d06931b5890ea2120061157e4104c24f23f51a
                                        • Instruction ID: 9629a3108cb7e2f147354b66a88585e2c63290e2001e9b36b2ca2785606d521d
                                        • Opcode Fuzzy Hash: f43089575496a8becbe86fab50d06931b5890ea2120061157e4104c24f23f51a
                                        • Instruction Fuzzy Hash: 82F05C67A085706BCB748A5F65106FEAF958FC1531F0A806FF84CC7283C824890147A0
                                        Function 05E9C3E8 Relevance: .0, Instructions: 35COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1891386095.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_5e90000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 0f36b23f63313787e3280ba94ebb9a3c2c427d924fd56e5023d3a05e3bf9815d
                                        • Instruction ID: 9496e08a9120c74220d18132c542f9c55e285ec7357c66a7fd6767644646cb41
                                        • Opcode Fuzzy Hash: 0f36b23f63313787e3280ba94ebb9a3c2c427d924fd56e5023d3a05e3bf9815d
                                        • Instruction Fuzzy Hash: BFF0596231409A43890C616E290247A6B9FD3E5510B066023E50EEF7D0FD00CDA046D5
                                        Function 0256FE68 Relevance: .0, Instructions: 33COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1868877289.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_2560000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 871843d08ec721357bedc6c340d314e7d08e672cd72da6d2c4545eb36afa8c28
                                        • Instruction ID: a39eed244305d2de38f5ca4adddde72d60643adf1580fbb106ba531e41efc3ac
                                        • Opcode Fuzzy Hash: 871843d08ec721357bedc6c340d314e7d08e672cd72da6d2c4545eb36afa8c28
                                        • Instruction Fuzzy Hash: CFF0E775D04209EBDB84DFE9D9416ADFBF1FB89301F1486AAD828A3301D7745A41CF90
                                        Function 0AC74DF0 Relevance: .0, Instructions: 31COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1913464844.000000000AC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_ac70000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7c5d439e29953ef547750c984748f44803ad23808245309bfb6536352ed69bd7
                                        • Instruction ID: 7ef90662e22ddc719690e3efec5083803f3285c1cdb5ab4314cc7e97f5591122
                                        • Opcode Fuzzy Hash: 7c5d439e29953ef547750c984748f44803ad23808245309bfb6536352ed69bd7
                                        • Instruction Fuzzy Hash: 52E0681830122017DF0A76B90C3533E65AE4FC1A01F05805EE905CF7C2DC984C0247CA
                                        Function 0AC74DA0 Relevance: .0, Instructions: 31COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1913464844.000000000AC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_ac70000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 75c0ed129a4041187655f79f8cabd7e6c20e691884168a467a52519a04177ecb
                                        • Instruction ID: f8566586befd12491fed89f6984299451ce2582a02f074b55ece6780e9701cb8
                                        • Opcode Fuzzy Hash: 75c0ed129a4041187655f79f8cabd7e6c20e691884168a467a52519a04177ecb
                                        • Instruction Fuzzy Hash: 0CE0D8363505114BC725B25DE84892EBBAFEFC9A24B26017BE508CB364CD659C014795
                                        Function 0256F760 Relevance: .0, Instructions: 31COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1868877289.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_2560000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 68e695064c353b5e93c335b01f8795b000023b048cc5574255c50c80051eb857
                                        • Instruction ID: eece6432d1be673cc1915e7659d3de3a7a502026cb2b9f1f13c514a59153e935
                                        • Opcode Fuzzy Hash: 68e695064c353b5e93c335b01f8795b000023b048cc5574255c50c80051eb857
                                        • Instruction Fuzzy Hash: A5F062B5C082898FC701CFA4E41957DBFB0FE56201B4480DAD453A7751EA385A01DF61
                                        Function 0AC76C00 Relevance: .0, Instructions: 30COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1913464844.000000000AC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_ac70000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 5db09b0791af91ef4a06f6cc77bae6685f4697f34a0fb855259af940de0ce8fb
                                        • Instruction ID: b2fd571e7b0702f995a56e7c662c7431d9fe8eb5ba08632548d530f5e25cfb31
                                        • Opcode Fuzzy Hash: 5db09b0791af91ef4a06f6cc77bae6685f4697f34a0fb855259af940de0ce8fb
                                        • Instruction Fuzzy Hash: E4E012517193D06FD70255745C257677BDD8BC275171580ABE644DB342DC569C0283E2
                                        Function 0AC76CFF Relevance: .0, Instructions: 29COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1913464844.000000000AC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_ac70000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 994d7c43e9c60839b166d77a5d94f6f24a3c96a159d94e98d169790887f16636
                                        • Instruction ID: 029fc800c6993806f869196e3dbd0253ba84dd4a5f8b990df67cb0b6bacb3759
                                        • Opcode Fuzzy Hash: 994d7c43e9c60839b166d77a5d94f6f24a3c96a159d94e98d169790887f16636
                                        • Instruction Fuzzy Hash: 1AF02771604B109FCB30AF1AE40051EBFF8DF92720701821EE8498B742C630E9069FE1
                                        Function 0AC764E8 Relevance: .0, Instructions: 29COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1913464844.000000000AC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_ac70000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: d0891ff43ca08cdace4e3ab16c453fd576c259239ad4606a8c46b06377b7ad53
                                        • Instruction ID: 5715495788b5d05ac7e8a8babf5195a5383d22aef042d6aaaa95041de68a81f3
                                        • Opcode Fuzzy Hash: d0891ff43ca08cdace4e3ab16c453fd576c259239ad4606a8c46b06377b7ad53
                                        • Instruction Fuzzy Hash: C9E0E5B1600B105B4630AF1EA40442FBBF9DFD27203118A1EE44287740CA30EA068BE5
                                        Function 0256EB48 Relevance: .0, Instructions: 29COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1868877289.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_2560000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: dd56f20bfa983cc797dfdbf979436c822ebbffe7d65ec651d668145c30b5fd91
                                        • Instruction ID: fe5f9faede974715eb24196197cae10715f4d79d0b50f1b7f4a5b02148dca98e
                                        • Opcode Fuzzy Hash: dd56f20bfa983cc797dfdbf979436c822ebbffe7d65ec651d668145c30b5fd91
                                        • Instruction Fuzzy Hash: 57E06D39301259BB8F061E159818CBE3FAAEBC92227048016FD56C3220CA35CD21ABA4
                                        Function 05E9DA00 Relevance: .0, Instructions: 29COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1891386095.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_5e90000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 128d69554b1e1591e4898443857bba86bad229400c50ea02a122bbe548639a7d
                                        • Instruction ID: 278735ea3613cb7e8461ceef53c190f374bc9cd0d8de92a30b517cd53dd87837
                                        • Opcode Fuzzy Hash: 128d69554b1e1591e4898443857bba86bad229400c50ea02a122bbe548639a7d
                                        • Instruction Fuzzy Hash: DCF03AB0D0420ADFDB48DFA9C901AAEBFF4FB08200F0045A9D918E7200E7B48A108B91
                                        Function 0AC76B31 Relevance: .0, Instructions: 28COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1913464844.000000000AC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_ac70000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: b1590b8fdcbf991353fa1de0a5b919abbc038652ab523af79cd238aba49a4fb7
                                        • Instruction ID: 14200ff20a6a20abc981b83c35e2ab944decff089a9e13136da73639b517a71a
                                        • Opcode Fuzzy Hash: b1590b8fdcbf991353fa1de0a5b919abbc038652ab523af79cd238aba49a4fb7
                                        • Instruction Fuzzy Hash: CBF0A070301B118BEB25AF74D9507DA73A6FF82699F004479D54A8B680EA31ED028BD1
                                        Function 0256EB39 Relevance: .0, Instructions: 28COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1868877289.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_2560000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e231b72884c77611f08dca85ca070e5ecb8cd6ba7eec5d4dabfa2faaa0e23938
                                        • Instruction ID: 1b9200fe01066b7c1bed880e4e1a0242e005e817052fe243f646dc72e118c2a3
                                        • Opcode Fuzzy Hash: e231b72884c77611f08dca85ca070e5ecb8cd6ba7eec5d4dabfa2faaa0e23938
                                        • Instruction Fuzzy Hash: 78E020763062966F8F071E545814CBE3F675FC213170A4077F505D7630C534CD229764
                                        Function 0AC76BB9 Relevance: .0, Instructions: 27COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1913464844.000000000AC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_ac70000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 15772eab77dbae2d2e25643a4f538ee95d23fa87fb92abce4904f036746e1e55
                                        • Instruction ID: c2179c4939237836a2e1038237781a9feaa6003b0562958c34add78942e9a30f
                                        • Opcode Fuzzy Hash: 15772eab77dbae2d2e25643a4f538ee95d23fa87fb92abce4904f036746e1e55
                                        • Instruction Fuzzy Hash: BDE020113042B413D115367C48147DF3A8B8FC6758F05006AD545E7343CC629C4553D0
                                        Function 08F58CB0 Relevance: .0, Instructions: 27COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1906554337.0000000008F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_8f50000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 93c4d4b0ab5b96873ca7aa52aedcdfabd74a84a70ec5ece38cdcbe07f6cab927
                                        • Instruction ID: a926a51a30c3802f24a761c89be133ece508c23e3d3d05b6746d00c48aff6c37
                                        • Opcode Fuzzy Hash: 93c4d4b0ab5b96873ca7aa52aedcdfabd74a84a70ec5ece38cdcbe07f6cab927
                                        • Instruction Fuzzy Hash: C0E04836121418BBC3019B19D85AEE7BFADEB95361B65C161FA44C6200CB35F913CFE9
                                        Function 08F5458D Relevance: .0, Instructions: 27COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1906554337.0000000008F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_8f50000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 78eaa8ac13fd3dcf39750a29c8679388d30452f64a7df25b2c12a34c28adb41e
                                        • Instruction ID: 217fcc7e859f7f8e5c35da74f74a55c979e6527dde146073f030a2e49d0637f4
                                        • Opcode Fuzzy Hash: 78eaa8ac13fd3dcf39750a29c8679388d30452f64a7df25b2c12a34c28adb41e
                                        • Instruction Fuzzy Hash: 54F0F474A103188FC791DF68C494759BBBABB48314F9040A89A0DE734ACB38AE84CF54
                                        Function 08F54A21 Relevance: .0, Instructions: 27COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1906554337.0000000008F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_8f50000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 91b8155392be1cd78af68b28c7725ad9ec674ca8bc311fd073917e85db57bde4
                                        • Instruction ID: c65a5d01c40914ad80fb33f6fecc5b6c5fb3e2b2fdf435a3b8859ce678ac9559
                                        • Opcode Fuzzy Hash: 91b8155392be1cd78af68b28c7725ad9ec674ca8bc311fd073917e85db57bde4
                                        • Instruction Fuzzy Hash: 8CF03774A50228DFCB15CB68D594B5A7BFDFB4C320F804295E809A7391CA38AE80DF40
                                        Function 05E9793D Relevance: .0, Instructions: 27COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1891386095.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_5e90000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 081bb878802f48a9b3bd2a824c1be61a67f3382a0910dc870d9fbf85824063a3
                                        • Instruction ID: 85ef5c048572313149f6e7f28ce655302fcce72f4223b45d994b6d628a5a3753
                                        • Opcode Fuzzy Hash: 081bb878802f48a9b3bd2a824c1be61a67f3382a0910dc870d9fbf85824063a3
                                        • Instruction Fuzzy Hash: A3E0ED359402289FDF624B41CC409EDBB7AFB99A10F1051D1E18915620CA360EE2DF10
                                        Function 0AC77E40 Relevance: .0, Instructions: 26COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1913464844.000000000AC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_ac70000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: adda3e7557ee95b380db9105d17cd30afd2c63ea7d7dfd55b49e4f82c457ba61
                                        • Instruction ID: 2c769c708b40def42a6618b0191eb9bdbc60f2188ea633d7863d834f4c12c794
                                        • Opcode Fuzzy Hash: adda3e7557ee95b380db9105d17cd30afd2c63ea7d7dfd55b49e4f82c457ba61
                                        • Instruction Fuzzy Hash: 99E0C2363008388B4E49BBBDA4109ADB3D9CF88A6030200FAEA0DCB352EE05CC0047C5
                                        Function 0AC74E00 Relevance: .0, Instructions: 26COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1913464844.000000000AC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_ac70000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: fbce4d2d715c20c7ad660e2bd3db7ea2d1e573e6f60e7115aab71b068cc1fe08
                                        • Instruction ID: a467139024d5795d0db01f56443aadd1720ef82235e27586524529c8a97964b9
                                        • Opcode Fuzzy Hash: fbce4d2d715c20c7ad660e2bd3db7ea2d1e573e6f60e7115aab71b068cc1fe08
                                        • Instruction Fuzzy Hash: 34E0C21831013413EF0DB6A9582437F619F4BD5F52F01802EE90A8BBC2DDA99C0243CA
                                        Function 0AC76B40 Relevance: .0, Instructions: 25COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1913464844.000000000AC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_ac70000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 8127dfca1f3da5a3e587e3ff4034da1a6adcf46fbcf9b43f7d134f1850f20fc4
                                        • Instruction ID: 57a32154a1bd584611e0a217e7c9ee60d1f7f344021f2265f0a9fc7181121f09
                                        • Opcode Fuzzy Hash: 8127dfca1f3da5a3e587e3ff4034da1a6adcf46fbcf9b43f7d134f1850f20fc4
                                        • Instruction Fuzzy Hash: 4AE09270301B018BF7256B75DD107AA73EAEB86285F414578D6469B780DA31EC004BD1
                                        Function 0AC75EE0 Relevance: .0, Instructions: 25COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1913464844.000000000AC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_ac70000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 29f6bea533d2f99e67a6d808487bb2a7c940659fe7d343cd1dc6ea952b351997
                                        • Instruction ID: c2eac1eee835c30864ffe3470989f55827677959fc2ae5ff90fd012852ea3c1c
                                        • Opcode Fuzzy Hash: 29f6bea533d2f99e67a6d808487bb2a7c940659fe7d343cd1dc6ea952b351997
                                        • Instruction Fuzzy Hash: 92E04F7581160C9ECB84EF78D9462AD7FF8EB05214F44C13AE84DDA100FB34D2958F81
                                        Function 0AC73F60 Relevance: .0, Instructions: 24COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1913464844.000000000AC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_ac70000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: f9b0d31fd02441e6f136c202822dd1bbeb84f13dea6137f4edaee2b24ed60c66
                                        • Instruction ID: e7bdf9181151d3c44f21fec1c996d1dbcd73022b2bd26b4f262c7827eb981554
                                        • Opcode Fuzzy Hash: f9b0d31fd02441e6f136c202822dd1bbeb84f13dea6137f4edaee2b24ed60c66
                                        • Instruction Fuzzy Hash: D6D05B2BF0061823C614547E641A76E669FE7C17A2B4A802BF445C7345DD5498031199
                                        Function 0AC74593 Relevance: .0, Instructions: 24COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1913464844.000000000AC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_ac70000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 69924b2bfc08b592b6d008d48e572208f2fb8c1ae01cfc69cada340d28330a89
                                        • Instruction ID: 885f992b5d92bbcd40635c52b9d4f450d61d1374a8f772acd0baff4e972604d6
                                        • Opcode Fuzzy Hash: 69924b2bfc08b592b6d008d48e572208f2fb8c1ae01cfc69cada340d28330a89
                                        • Instruction Fuzzy Hash: DBF03939310211CFCB10DB68D088AA873E1EF84315F6581A6E1088B364C734AD41DB50
                                        Function 0AC7C914 Relevance: .0, Instructions: 23COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1913464844.000000000AC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_ac70000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 49faf0f823448480c5e1eaddf58a65d40eda7e3afd7f644d5871b64375cde7c9
                                        • Instruction ID: 361d5c9fd76168627da40f1538105994e8271950817db601a1595b7b73a68a6a
                                        • Opcode Fuzzy Hash: 49faf0f823448480c5e1eaddf58a65d40eda7e3afd7f644d5871b64375cde7c9
                                        • Instruction Fuzzy Hash: 43E0DF3A2001008BC310E61CC4C8BDD33A8EB4A344F4E84F2F509DF314C675A8818B41
                                        Function 0AC76C10 Relevance: .0, Instructions: 22COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1913464844.000000000AC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_ac70000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 8c7d4fd8b0b04a9f54583287a0fb50b779bf6711275f997d5805ecb3dc14805b
                                        • Instruction ID: f501beeb8eaa9beb9d6f7d3f0e4e374da3514ad2907821f133d1fe559f4a84ec
                                        • Opcode Fuzzy Hash: 8c7d4fd8b0b04a9f54583287a0fb50b779bf6711275f997d5805ecb3dc14805b
                                        • Instruction Fuzzy Hash: 96D05E217101642BA60065A96C08B7B72CEC7C5B61B118039EA08D7340EC61DC0243E0
                                        Function 0AC744D7 Relevance: .0, Instructions: 22COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1913464844.000000000AC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_ac70000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: cc9afe4c42aabf8abeea8af3fbcf60671e7bbf9784485e6ecc813f28dd497bc1
                                        • Instruction ID: df4d6ff2d9fdb973c2c2d9bf30dfe3ce27142fe95785bd0142117817869ebd19
                                        • Opcode Fuzzy Hash: cc9afe4c42aabf8abeea8af3fbcf60671e7bbf9784485e6ecc813f28dd497bc1
                                        • Instruction Fuzzy Hash: DCD0973EA082038AEFA444228A073BD33D79FE050BF2EC031C8C040046F83C8643912A
                                        Function 08F54AAC Relevance: .0, Instructions: 22COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1906554337.0000000008F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_8f50000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: a0005b127737bb7b79740b97e490a0b98071efa8ce6dca65996b1ea3fed48174
                                        • Instruction ID: 212288bbaefb73fbeaaa1e804c6b7a5d643a320c0593594c632b8ded6ba94d96
                                        • Opcode Fuzzy Hash: a0005b127737bb7b79740b97e490a0b98071efa8ce6dca65996b1ea3fed48174
                                        • Instruction Fuzzy Hash: 79F0FE76E5022ACFCB51CFACC980AADBBB9FB4C300F5041A9A509A7256C7346E44CF44
                                        Function 0256FEC8 Relevance: .0, Instructions: 22COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1868877289.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_2560000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 34a9a8dadc0b423fb105f632f1c9dfa21cdda33c2b4f38a07eccd8056f3fcd01
                                        • Instruction ID: d58393327f5186079f2e7549540e2fc687ffdaecc75bd40d66758c14864c0e88
                                        • Opcode Fuzzy Hash: 34a9a8dadc0b423fb105f632f1c9dfa21cdda33c2b4f38a07eccd8056f3fcd01
                                        • Instruction Fuzzy Hash: 0DE0C2A640A2C5AFCB16EFA0E9140783F32FFC2300B3201E38489971A2CA211D06EB59
                                        Function 08F542E3 Relevance: .0, Instructions: 21COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1906554337.0000000008F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_8f50000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e577ada03ad963a36468258714ad13f483ad7cca5ab935e820d74fda6f6176d2
                                        • Instruction ID: fcf109fa7a3543959ff856ccf2cf57321e8e3d5c7be8b52442a568edcfbfdd60
                                        • Opcode Fuzzy Hash: e577ada03ad963a36468258714ad13f483ad7cca5ab935e820d74fda6f6176d2
                                        • Instruction Fuzzy Hash: C4F0B279901268CFCB65CF64DA44999BBB9FB48241F1101DAE909BB351CB35AE81CF40
                                        Function 08F53FD6 Relevance: .0, Instructions: 21COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1906554337.0000000008F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_8f50000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 801d02f45d360de32e4d9fd771175054375b1a0ec411ddfdb4e8276ca02494ad
                                        • Instruction ID: 23a48fd34c6621a2f80703880fd529e075e195e2de2579c53f9ac762485f7618
                                        • Opcode Fuzzy Hash: 801d02f45d360de32e4d9fd771175054375b1a0ec411ddfdb4e8276ca02494ad
                                        • Instruction Fuzzy Hash: 2AF0B2B8E112288FDB61CF24C984A9CBBB9FB98304F4094D5D909A3312DB34AE81DF04
                                        Function 02564688 Relevance: .0, Instructions: 19COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1868877289.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_2560000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e8ba817576bdf692b6842a42aa966a34232b777d8788c1a79ae3263b38c261bc
                                        • Instruction ID: 40c9bf0e8c0ebd39c6dd7947287f17ddcf78d3c5ad60228ae7445421e8c37454
                                        • Opcode Fuzzy Hash: e8ba817576bdf692b6842a42aa966a34232b777d8788c1a79ae3263b38c261bc
                                        • Instruction Fuzzy Hash: 81D01271945109D7D744EBA4E85967D7A79FBC1305F10145A940913650DB705E00DB99
                                        Function 0AC73F70 Relevance: .0, Instructions: 18COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1913464844.000000000AC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_ac70000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: a8201a7e1540ae900432838aa2afd7a41d7a078a705cec3f514ba45786e53af0
                                        • Instruction ID: 2259c4b3571cc6d56e24dc0723c25ea101cfdfba7417afcf5d6a43fda0226b18
                                        • Opcode Fuzzy Hash: a8201a7e1540ae900432838aa2afd7a41d7a078a705cec3f514ba45786e53af0
                                        • Instruction Fuzzy Hash: 3BD0122FB0462817462465BF740456FBAAFEAD5BA220A407FF505C73459D659C0252E4
                                        Function 025694D8 Relevance: .0, Instructions: 18COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1868877289.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_2560000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
                                        • Instruction ID: cd8ff47ceabea75740d81fa275cfbbea8db4e2ad10978c8ff7967f134651f797
                                        • Opcode Fuzzy Hash: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
                                        • Instruction Fuzzy Hash: 12C0127320D2282AA224104E7C88EB3BA8CE2C52B5A210137FA1C8360098929C8142A8
                                        Function 05E9D9A8 Relevance: .0, Instructions: 18COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1891386095.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_5e90000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 66f373885f84ad6276c08e2eaf2f27bcfb4af8471018a599ebd2dc0c0281fac5
                                        • Instruction ID: df72220912c4330cca89a20424aef7bdb985481b0b09749ae1fe6cf05405b3d9
                                        • Opcode Fuzzy Hash: 66f373885f84ad6276c08e2eaf2f27bcfb4af8471018a599ebd2dc0c0281fac5
                                        • Instruction Fuzzy Hash: 2BE0BFB0D4021ADFDB40EF79C90575EBBF5BF08604F11C566D015E7211E7B495058F91
                                        Function 0AC76AF7 Relevance: .0, Instructions: 17COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1913464844.000000000AC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_ac70000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 627271b92bdd1d354fbf3920be6b9eff51ea60854be553a7f4134a73ce43beaf
                                        • Instruction ID: 567c2f4ed864dcd6e3271c54c5ebfeda225d5c0ed002d61df966f73a016bed67
                                        • Opcode Fuzzy Hash: 627271b92bdd1d354fbf3920be6b9eff51ea60854be553a7f4134a73ce43beaf
                                        • Instruction Fuzzy Hash: B4D017306007548FCF68BF7090681DC73B1AF41209B50483AD80A4A742FD3A9943CB80
                                        Function 0AC75EF0 Relevance: .0, Instructions: 17COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1913464844.000000000AC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_ac70000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 83a21396a05eee60fbdeafb99c8061ead4629c8957ab64bfe67ed109d7b2aeb5
                                        • Instruction ID: 825652efbabff469bfc31c3eb6f111395b694b86698e12c5f74c97044adab5d1
                                        • Opcode Fuzzy Hash: 83a21396a05eee60fbdeafb99c8061ead4629c8957ab64bfe67ed109d7b2aeb5
                                        • Instruction Fuzzy Hash: 1CE0E27581060CDECB84EF79D60859D7BF8AB05211F50C62AE80D9A100FA35E2A8CF80
                                        Function 0AC744E8 Relevance: .0, Instructions: 16COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1913464844.000000000AC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_ac70000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: f7ad6773becd580b30ff7ec502da9f7f29b165c120679f724d115611ff04d391
                                        • Instruction ID: 36f1e8c92199fbbc32784049b2e23f73b09062c6950a138be29768cc00a71ce7
                                        • Opcode Fuzzy Hash: f7ad6773becd580b30ff7ec502da9f7f29b165c120679f724d115611ff04d391
                                        • Instruction Fuzzy Hash: 14D0223D6043028AEFB8242282053BE318B4FC061AF2EC074C4080848BFCB98A819065
                                        Function 08F5415B Relevance: .0, Instructions: 16COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1906554337.0000000008F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_8f50000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 4ceaea7d93f71752e5adda707b40214011856ddfbe054b4ef1175a681490d6be
                                        • Instruction ID: 0edbeb1d4a740925a65e405792e15736ddbd129672778660c8d19774d0887dd5
                                        • Opcode Fuzzy Hash: 4ceaea7d93f71752e5adda707b40214011856ddfbe054b4ef1175a681490d6be
                                        • Instruction Fuzzy Hash: 3AE012B5E402288FCB60CF74C6946197BB6BB48311F9082AA990AA7641DB38AD419F58
                                        Function 05E9D880 Relevance: .0, Instructions: 16COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1891386095.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_5e90000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: b05efc244aebce8b8106430c7a28ebcdf3344948eef6c48a19af2bce9fac408b
                                        • Instruction ID: 8a952e903c5d76450ca4dc8925654d843143ba21fdccf9f842cbb4cdfab62760
                                        • Opcode Fuzzy Hash: b05efc244aebce8b8106430c7a28ebcdf3344948eef6c48a19af2bce9fac408b
                                        • Instruction Fuzzy Hash: 32D012B0D003199FDB54EFB98A0539EBFF17B04200F108979C054E3201E77842048F91
                                        Function 02567121 Relevance: .0, Instructions: 14COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1868877289.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_2560000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 8266f4b76145db4b838ed96d910fe532091dfeeb434092854a2b204af362e099
                                        • Instruction ID: 23c63f285f09bd6ea3408e735059e2bf06923be81a74a59c535007ecc8415d3b
                                        • Opcode Fuzzy Hash: 8266f4b76145db4b838ed96d910fe532091dfeeb434092854a2b204af362e099
                                        • Instruction Fuzzy Hash: 3ED02EF20193008FE302FB30E8A01463B2AB981304358C1A6D4840A8A7CAB8068B8B21
                                        Function 05E953DB Relevance: .0, Instructions: 14COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1891386095.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_5e90000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: d483a47c127c7ef6faf88c1b9ecdaa663fe95062a80e79e7a04cb03c290fa264
                                        • Instruction ID: 5f5e690e38527005cf5cbc670f6294f2e2c09a53b552d8814081304f14d38f2f
                                        • Opcode Fuzzy Hash: d483a47c127c7ef6faf88c1b9ecdaa663fe95062a80e79e7a04cb03c290fa264
                                        • Instruction Fuzzy Hash: 17E0B436201200EFCB1AAF90CA48C95BF72FF1A300B0680CAE6454B172C332C8A2EF41
                                        Function 0AC76B08 Relevance: .0, Instructions: 13COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1913464844.000000000AC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_ac70000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 89ceea4d9e97acb6d500758a608dab4beee6971903b9aa2e940fbbb586875d9b
                                        • Instruction ID: 1e14aa8d617844d4b42f01052b8c84029ce50f5a183ca2c241b7c86006b6aa9c
                                        • Opcode Fuzzy Hash: 89ceea4d9e97acb6d500758a608dab4beee6971903b9aa2e940fbbb586875d9b
                                        • Instruction Fuzzy Hash: 88C002303457588FDF697B70612C06C76AA9E85209390487DD50A8B791ED7BE852DB44
                                        Function 0AC70D43 Relevance: .0, Instructions: 13COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1913464844.000000000AC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_ac70000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e2e8448dcbdbf5b0f12e5d4e3dce2c7dcc8def46436fc0eb151b1073240e5020
                                        • Instruction ID: 3ff23919810b966673bc54de9abe0eec4c7a048565d69b0fbece57f67f2ad5f0
                                        • Opcode Fuzzy Hash: e2e8448dcbdbf5b0f12e5d4e3dce2c7dcc8def46436fc0eb151b1073240e5020
                                        • Instruction Fuzzy Hash: 5DE092B0912255CFDB68DF24D990DA9B7B5BF98204F5110D9D509AB7A1DB30E980CF04
                                        Function 08F55AE3 Relevance: .0, Instructions: 13COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1906554337.0000000008F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_8f50000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: fccf9011e6820cb5d9a67112c991951291437913b07f2c6e8e70f11f0c047931
                                        • Instruction ID: daf9730b84751507a68ba2a6bd9c512e79434d16a9758a12385d4bef772322b2
                                        • Opcode Fuzzy Hash: fccf9011e6820cb5d9a67112c991951291437913b07f2c6e8e70f11f0c047931
                                        • Instruction Fuzzy Hash: 99E0B675905169DFC791CB24C540AD87BB5AB19301F0180D5E959DB351DB35DA81CF80
                                        Function 08F5493B Relevance: .0, Instructions: 13COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1906554337.0000000008F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_8f50000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 5b8de28e593cc638326433b3a2269d948bd501ae89f009323b1762e40d2cf04a
                                        • Instruction ID: 59b78763f7b1e44412106ae1a7e4bd52a9381c4b9c05f7f642f1d85be6f2d463
                                        • Opcode Fuzzy Hash: 5b8de28e593cc638326433b3a2269d948bd501ae89f009323b1762e40d2cf04a
                                        • Instruction Fuzzy Hash: A9E0EB33D04349279B208DB00E00B02BE9D2F82320B120383CCA39A7FAC7118808ABD1
                                        Function 0256EB11 Relevance: .0, Instructions: 13COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1868877289.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_2560000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 83484c3a149b906d2a44591f34ae6624062493f60b98eb55357f3971e2301b63
                                        • Instruction ID: 8e116e1781d7238d4db7cd58485e751eba434b95cab7f1bf077959809bb8365f
                                        • Opcode Fuzzy Hash: 83484c3a149b906d2a44591f34ae6624062493f60b98eb55357f3971e2301b63
                                        • Instruction Fuzzy Hash: 56C012E38092498FC7455E105444134BF206FA3114F1747B7D21545913922949078A21
                                        Function 08F56A4C Relevance: .0, Instructions: 12COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1906554337.0000000008F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_8f50000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7ec2163abc7aec6ad8c9446b00447997932dce9ca6fc16d97328cebe918c284a
                                        • Instruction ID: 264f41980bc27ef298613a025455df11460813c72776c0c7acf84e17c820f2c3
                                        • Opcode Fuzzy Hash: 7ec2163abc7aec6ad8c9446b00447997932dce9ca6fc16d97328cebe918c284a
                                        • Instruction Fuzzy Hash: 99D0225D4082044FCA100710C8A47AC3B10AB60130F078341CDB20AEC28A0C08838951
                                        Function 02567130 Relevance: .0, Instructions: 12COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1868877289.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_2560000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: aaf18a8babe62229d98bb9acb97909498d210ee3c29b73234b4a8d624dfea14e
                                        • Instruction ID: 534ed401ad006b74e5199d2a413c73749c151c51143b5e4d7473756e83a9dade
                                        • Opcode Fuzzy Hash: aaf18a8babe62229d98bb9acb97909498d210ee3c29b73234b4a8d624dfea14e
                                        • Instruction Fuzzy Hash: C3C0123201030A87EA01F775F85571A336EBAC0600790C660A94A06519DFB819894EE5
                                        Function 0AC7BC72 Relevance: .0, Instructions: 11COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1913464844.000000000AC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_ac70000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: f2c08917e9483f5451bb56634fc011f2ddbd0fb23b0ceeed80dfb7b9be50f8ce
                                        • Instruction ID: 6db06451bd02517e617af1089af0220c25523097fc7e5457c787697291b25c45
                                        • Opcode Fuzzy Hash: f2c08917e9483f5451bb56634fc011f2ddbd0fb23b0ceeed80dfb7b9be50f8ce
                                        • Instruction Fuzzy Hash: 18D09234265200DFC758DF65C594C1AB7F6FF99604BA1889CE1528B670C771EC45CF42
                                        Function 08F528FE Relevance: .0, Instructions: 10COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1906554337.0000000008F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_8f50000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: b0510bbed45ffd7ae6e0e25553bcbff3c4b5debb075e4fe03be0c9e3cff028e5
                                        • Instruction ID: 9ace70588e12e30c76c648bb7f22447def28b3bdbfa9e56acf1c25699ea7159d
                                        • Opcode Fuzzy Hash: b0510bbed45ffd7ae6e0e25553bcbff3c4b5debb075e4fe03be0c9e3cff028e5
                                        • Instruction Fuzzy Hash: 2FD0C9325682258BCB589E38D5894857A74FF3538671105BAEE0498169DE328252CF96
                                        Function 08F53FA9 Relevance: .0, Instructions: 10COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1906554337.0000000008F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_8f50000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: c3380847e8a33ceccb9decf11fe18b26660628dcd792d5ca90df1130dba604bb
                                        • Instruction ID: 725c26306dab07e543edcd1c0eb84cdc846ca2c2ee4fa2b9a836657d5a8e99be
                                        • Opcode Fuzzy Hash: c3380847e8a33ceccb9decf11fe18b26660628dcd792d5ca90df1130dba604bb
                                        • Instruction Fuzzy Hash: 79D06CB8904228DFCB208F20C5849ADBBB6AB48201F0082E9EE5967351D7399D81CF88
                                        Function 05E95447 Relevance: .0, Instructions: 10COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1891386095.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_5e90000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 70bc6024113186f7914ca479f998474164a41eff8ae04f5e6321e63547927521
                                        • Instruction ID: c37e5ac0adcd31e7813c7e52f5920c7cd2b4e60b377671846e841a54c81eb911
                                        • Opcode Fuzzy Hash: 70bc6024113186f7914ca479f998474164a41eff8ae04f5e6321e63547927521
                                        • Instruction Fuzzy Hash: 90C08CB9B4C739999BEFC9608D950AB7D22AA18601B91301FCDC68B0A7E510CE438AD1
                                        Function 08F55B22 Relevance: .0, Instructions: 9COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1906554337.0000000008F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_8f50000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 84bc25853088ddd029e853601185ed73728af0f2fad2b27d0c6005798f1ddbc1
                                        • Instruction ID: 0cb8238b50d8bd1fefb077fb98e97b850a233ed73952a68dc04f40e93deea018
                                        • Opcode Fuzzy Hash: 84bc25853088ddd029e853601185ed73728af0f2fad2b27d0c6005798f1ddbc1
                                        • Instruction Fuzzy Hash: CAC08CB41024028BC2014F3CDC495A57BB0FE20B313514399BE238B2E3EF26C2A3CE4A
                                        Function 08F54600 Relevance: .0, Instructions: 9COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1906554337.0000000008F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_8f50000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 2c73b8280c242e26042d0f8e82dedadb1292fd1a88ea8fa33b2450b4779a6562
                                        • Instruction ID: bed21f8136f7f28a947e819efab232c5cbe65ffa3cee38a56623437e9eb47999
                                        • Opcode Fuzzy Hash: 2c73b8280c242e26042d0f8e82dedadb1292fd1a88ea8fa33b2450b4779a6562
                                        • Instruction Fuzzy Hash: 91D0C9769002298FC7548B94C5A6559BB78BF94204F011596DA0767297D7389E808E8A
                                        Function 08F54567 Relevance: .0, Instructions: 8COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1906554337.0000000008F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_8f50000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 21329c6d4a9ce533cd6ca5628647a7f99a11d969962fe7555d4946718d895eaa
                                        • Instruction ID: c16f907e816393d646a6b73edb43e2e561f99b045e5eaed04b158d6397676069
                                        • Opcode Fuzzy Hash: 21329c6d4a9ce533cd6ca5628647a7f99a11d969962fe7555d4946718d895eaa
                                        • Instruction Fuzzy Hash: 7AC08C72884028FB87540F30D6DB00A7630EB207CA30602A3CC086F0AB8B304B85AEF2
                                        Function 08F5403B Relevance: .0, Instructions: 8COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1906554337.0000000008F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_8f50000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 03d4ac43221cb85da29e6972391c49f769d549651ce5514c27b366398cdf70ed
                                        • Instruction ID: bfe211d70dd9192bbfbbee63beee608678d6cdcf1cfaee9b67812f1a94096c91
                                        • Opcode Fuzzy Hash: 03d4ac43221cb85da29e6972391c49f769d549651ce5514c27b366398cdf70ed
                                        • Instruction Fuzzy Hash: 1DB0126340D1AAF442483636240045A34142050533310D350DFB7131C57F2D07411088
                                        Function 05E95646 Relevance: .0, Instructions: 8COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1891386095.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_5e90000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 8826774c814b6eebd548ed8adfb3ac4c048e974a239471feb107ca5dea871cf5
                                        • Instruction ID: 3b02f52433de7fb8211f0549cab96e700149ef8eecb52b50896bd269427be835
                                        • Opcode Fuzzy Hash: 8826774c814b6eebd548ed8adfb3ac4c048e974a239471feb107ca5dea871cf5
                                        • Instruction Fuzzy Hash: 4DC080766500517FC304D714DD55C657F75F75860270141C2E445C6595C5349D41CF81
                                        Function 08F555FC Relevance: .0, Instructions: 7COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1906554337.0000000008F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_8f50000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: dbbbca7e8374be6fed37a35883e2b3acd7ae7d18f7ae762fccf6f8add1552e4b
                                        • Instruction ID: 289a9aafe286257d5086e3007bddae00df039d917a521dee7dec115cd6e2f6a4
                                        • Opcode Fuzzy Hash: dbbbca7e8374be6fed37a35883e2b3acd7ae7d18f7ae762fccf6f8add1552e4b
                                        • Instruction Fuzzy Hash: 88C08CB2200224CFC3049B24C285A043B70BB64206B0200C9F8029B2E0CF35CE80CE01
                                        Function 08F5567D Relevance: .0, Instructions: 7COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1906554337.0000000008F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_8f50000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: c2bc711a5c71c1fa570aef0b66774216a1b181c06d24f54f1933e07b8352949d
                                        • Instruction ID: 225d23a8be460eae06e4eaeb0b4e5329abfb7f697acf6eac96401dcc72e862b9
                                        • Opcode Fuzzy Hash: c2bc711a5c71c1fa570aef0b66774216a1b181c06d24f54f1933e07b8352949d
                                        • Instruction Fuzzy Hash: EBC08C365383858FC7000B68C8AD0997B38F7316323B24383C822BE3D8DE2589829E42
                                        Function 05E92624 Relevance: .0, Instructions: 7COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1891386095.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_5e90000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 454333015a983190d33bdcd91ee07b8121708de1863dd5aabf9ff50edd93932d
                                        • Instruction ID: 6f84a52f8b5aaee6b297426175c105be31325ea8f9d21eb438af6bee06f7d277
                                        • Opcode Fuzzy Hash: 454333015a983190d33bdcd91ee07b8121708de1863dd5aabf9ff50edd93932d
                                        • Instruction Fuzzy Hash: 3DC012B48042098FCB55CF20888A489BEB5AB9C300F2084AA804A96700E6305690CE44
                                        Function 0639C75C Relevance: .0, Instructions: 6COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1892990682.0000000006380000.00000040.00000800.00020000.00000000.sdmp, Offset: 06380000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_6380000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: c60f63341af75de167da5370e1410681f8cc3b07e1d50ea65f7c63d462edfa9b
                                        • Instruction ID: 888a6207f675753ba83ceeb724cb1715bea4f5de9f06df50a106d26116eaf79b
                                        • Opcode Fuzzy Hash: c60f63341af75de167da5370e1410681f8cc3b07e1d50ea65f7c63d462edfa9b
                                        • Instruction Fuzzy Hash: BCC02B391801088FC704CA00F9D144BBF66DBA0200F098083E00B47424CF309941CFC0
                                        Function 0639D3EE Relevance: .0, Instructions: 6COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1892990682.0000000006380000.00000040.00000800.00020000.00000000.sdmp, Offset: 06380000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_6380000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: b2f9f0985d4539835ea00cd3ee114df124ca86d1fdc06e15a87d25a17cdb81b3
                                        • Instruction ID: f27eb3893a2469b0c069d85edfdbc1c71475a507aac2570e481967e1d0a5dd69
                                        • Opcode Fuzzy Hash: b2f9f0985d4539835ea00cd3ee114df124ca86d1fdc06e15a87d25a17cdb81b3
                                        • Instruction Fuzzy Hash: A6C02B7401020FCFD700CF3CD30589CBF38D700104F00C505D0015601CC5785640CEA2
                                        Function 08F54676 Relevance: .0, Instructions: 5COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1906554337.0000000008F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_8f50000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: db2a77f083c81b9b17a3bef9984c694c430c2507e509491a0b162ac0d9184caf
                                        • Instruction ID: bd9ed340111ad1207785e2fb7ae7d24b7d83b17e7f7fa50c2e13223a4d7ca60e
                                        • Opcode Fuzzy Hash: db2a77f083c81b9b17a3bef9984c694c430c2507e509491a0b162ac0d9184caf
                                        • Instruction Fuzzy Hash: D3B01237C1547A868704CE60C34AC2EBF38DA3010230301179E06FF0E48E341E0C8DD1
                                        Function 08F5D3AC Relevance: .0, Instructions: 3COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1906554337.0000000008F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_8f50000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7db15c1c117517b8e399acf0a9f538bba1784b18d1ce8367d415a3ef379d5383
                                        • Instruction ID: 2e9e0531277158ad0c1209fc7c72d36a9c190c698bc4760163ec5bfb40c6eb4f
                                        • Opcode Fuzzy Hash: 7db15c1c117517b8e399acf0a9f538bba1784b18d1ce8367d415a3ef379d5383
                                        • Instruction Fuzzy Hash: 25A002BF469269DF97104FA0914E46E7E74E734206F12008AFB1395698CE348551AF85
                                        Function 08F5F058 Relevance: .0, Instructions: 3COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1906554337.0000000008F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_8f50000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 464beeea1edd6af42c75fbe2e021b7176d157a0cf6a3742839a9abebce516d44
                                        • Instruction ID: b7f867656084bb830e5147592f1aa6714d1b083aa85f8cf0fee084b3248aca63
                                        • Opcode Fuzzy Hash: 464beeea1edd6af42c75fbe2e021b7176d157a0cf6a3742839a9abebce516d44
                                        • Instruction Fuzzy Hash: 47A002B982438DCF8B448F60918E0BD7E34E639292B101745FF4656701EE3452C2DE95

                                        Non-executed Functions

                                        Function 06330006 Relevance: 115.7, Strings: 86, Instructions: 8166COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1892857318.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_6330000_FINAL_PDF.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: +^]$+^]$5lz$5lz$ z$ z$&5t$&5t$&U$?$&U$?$&|n+$&|n+$'Ob$'Ob$)N$F$)N$F$)O$)O$*,7$*,7$/lEC$/lEC$1%d$1%d$1:5A$1:5A$2p!$2p!$9jXF$9jXF$<i$$<i$$=9y2$=9y2$=Gtg$=Gtg$A=P3$A=P3$J,QT$J,QT$KnV+$KnV+$Ohy{$Ohy{$O:$O:$TInC$TInC$T`2W$T`2W$T{0x$T{0x$TTC$TTC$XkC`$XkC`$Yt_$Yt_$^"v|$^"v|$_%]&$_%]&$c_z$c_z$ioJl$ioJl$pP{$$pP{$$p$p$sR=$sR=$s_G$s_G$tY%\$tY%\$wsC=$wsC=${$]M${$]M${F${F$~f$~f$G1$G1
                                        • API String ID: 0-1331655061
                                        • Opcode ID: 065d2c058a79bffc6da5eab9642dcbca98706c51c355cd88551dc385201eed16
                                        • Instruction ID: 1c793afd5b1dfe66968d125d00cea7f8ebe78e97f1425a35dcfdd66bc5b149e8
                                        • Opcode Fuzzy Hash: 065d2c058a79bffc6da5eab9642dcbca98706c51c355cd88551dc385201eed16
                                        • Instruction Fuzzy Hash: 97E3F775B4121A4FD75CCE2DCD912A6A6E76BCD300B54E2BE440ADF398EE34DE468B40